Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 677c99a64d1f2073fb1e4eea3bf3af98387852ec
https://github.com/tribe29/checkmk/commit/677c99a64d1f2073fb1e4eea3bf3af983…
Author: Mathias Laurin <mathias.laurin(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
M cmk/gui/command_utils.py
M cmk/gui/view_renderer.py
Log Message:
-----------
Move filter_selected_rows close to its only call-site
CMK-11212
Change-Id: I32f2df9902e0b6d819239ecd6ed0f2733fc27881
Commit: 5028f321b74f9b4cf784ed17418bdd88953ddb50
https://github.com/tribe29/checkmk/commit/5028f321b74f9b4cf784ed17418bdd889…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
M cmk/gui/dashboard.py
R cmk/gui/plugins/dashboard/static_text.py
Log Message:
-----------
Move dashlet to dashboard to prevent plugin import
The dashlet class will be referenced in cmk.gui.dashboard in the
next commit. To prevent a plugin import move the definition.
Change-Id: Ia04b522d28e4404457a1be901daa20e169d19386
Commit: 84459b82e40564327de69fcc2e39e5246de38d58
https://github.com/tribe29/checkmk/commit/84459b82e40564327de69fcc2e39e5246…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
M cmk/gui/plugins/dashboard/custom_url.py
M cmk/gui/plugins/dashboard/utils.py
Log Message:
-----------
Move custom_url specific code to url dashlet implementation
Change-Id: Ifbcb53ec94fca57719d439978d29ae26576b6d5f
Commit: 167c6f5a8aaa3db516c7310644908dd0f5cd8404
https://github.com/tribe29/checkmk/commit/167c6f5a8aaa3db516c7310644908dd0f…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
M cmk/gui/plugins/dashboard/utils.py
M cmk/gui/visuals.py
Log Message:
-----------
Simplify context_to_uri_vars
Change-Id: Ief612481609b675b1cebbd2ff8292dda8fd66b30
Commit: b728a00066ae7221fecd652e81a294460740a6ba
https://github.com/tribe29/checkmk/commit/b728a00066ae7221fecd652e81a294460…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
M cmk/gui/dashboard.py
M cmk/gui/plugins/dashboard/custom_url.py
M cmk/gui/plugins/dashboard/graph.py
M cmk/gui/plugins/dashboard/utils.py
M cmk/gui/plugins/dashboard/view.py
M cmk/gui/plugins/views/mkeventd.py
M tests/unit/cmk/gui/test_dashboard.py
Log Message:
-----------
Make DashletConfig typed dicts
There are some TODOs left. One cluster first needs to have a TypedDict
for the ViewSpec and the other needs a better typing for from_html_vars
of the Dictionary valuespecs which we may be able to improve with Python
3.11.
Change-Id: I594e1039790f197bd2f3f794205195de06737e30
Commit: a2f10098bc81e9e986b2c8540954baefa1b22b2c
https://github.com/tribe29/checkmk/commit/a2f10098bc81e9e986b2c8540954baefa…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-09-06 (Tue, 06 Sep 2022)
Changed paths:
A .werks/14485
Log Message:
-----------
14485 SEC Fix session cookie validation on RestAPI
Before this Werk expired sessions were still valid on the RestAPI, since the
RestAPI only vaildated the Cookie signature.
An attacker who was able to steal a session cookie could use that cookie on the
RestAPI even after the session expired. Some actions though require access to
the user session, these action fail due to the expired session. Some actions do
not access the session and are therefore possible.
<b>Affected Versions</b>:
All versions with the RestAPI are affected: 2.0, and 2.1.
<b>Mitigations</b>:
Immediate mitigations are not available.
<b>Indicators of Compromise</b>:
Review Apache and web.log for suspicious logs.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 5.6 (Medium) with the following
CVSS vector:
<tt>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</tt>.
A CVE has been requested.
This was originally fixed with 003e97510689587dc194115d43c58b2282ac0b17.
Change-Id: If2114e3ce59c66163b388b7bf634181ea972a174
Compare:
https://github.com/tribe29/checkmk/compare/ffe006d0d0e5...a2f10098bc81