ID: 13362
Title: Adjustments to service discovery page
Component: Multisite
Level: 1
Class: New feature
Version: 2.1.0i1
UI adjustments to service discovery page:
<ul>
<li>Make the tables for each section foldable
<li>Remove icons from table headers
<li>Swap the order of services and labels sections
<li>Bring the "Fix all" button into line with all other buttons and rename to "Apply changes"
<li>Remove message "Discovered no service yet." when creating a new host
<li>Remove the rows section and show the row entries for each table separately in brackets after the title
<li>No longer display the "Full scan finished..." message after a sucessfull scan
</ul>
ID: 13385
Title: Fix error on uploading iCalendar with recurrence rules
Component: Setup
Level: 1
Class: Bug fix
Version: 2.1.0i1
If an iCalendar with recurrence rules was uploaded, the error "Failed to parse
file: '<' not supported between instances of 'list' and 'time.struct_time'"
occured.
ID: 13492
Title: Notification plugins: Fix proxy setting "Connect without proxy"
Component: Notifications
Level: 1
Class: Bug fix
Version: 2.1.0i1
For some notification plugins, proxy settings can be configured. One
of the available options is to not use any proxy ("Connect without
proxy"). This setting is intended to also bypass proxy servers
defined via environment variables (<tt>HTTP_PROXY</tt>, ...),
which did not work.
ID: 13080
Title: REST API: allow setting of downtime from read-only site
Component: Core & setup
Level: 1
Class: Bug fix
Version: 2.1.0i1
When having a read-only site attached to the master site, previously
it wasn't possible to set downtimes from there, even though it should
have been possible.
This has been changed to allow setting of downtimes even if the host is
not or no longer configured. It only needs to be currently monitored.
ID: 13491
Title: <tt>gude_humidity</tt>: Add support for Gude Expert Box 7214 devices
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.1.0i1
The check plugin <tt>gude_humidity</tt>, which monitors the humidity
sensors of Gude power control devices, now supports Expert Box 7214
devices.
ID: 13314
Title: Distributed monitoring: Do not log site secret on remote site
Component: Setup
Level: 1
Class: Security fix
Version: 2.1.0i1
This issue only affects you in case you are using a distributed monitoring setup
and only affects the remote sites of a distributed setup.
When the central site is communicating with a remote site, this access from the
central site to a remote system is authenticated used the so called site
secret. This secret is handed over to the remote site with each remote call and
validated.
Previous Checkmk versions were sending the site secret via GET parameters to
the remote site. Which made the secret visible in the access log of the remote
site apache (var/log/apache/access_log).
As these log files are normally only readable by the site user and the site
secret is also known by the site user, this alone is not a information
disclosure.
Of course it might happen that you forward a log, e.g. for error diagnosis,
then this issue might be a real problem.
Therefore, we recommend all users to update to the next version to eliminate
the problem for the future. Afterwards we recommend to check the log files
(var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove
problematic log entries. If your logs could be viewed by non Checkmk admins,
you should also change the site secret.
If you change the site secret of a remote site, you will have to navigate to
"Setup > Distributed monitoring", then "Logout" the remote site and "Login" the
site again to make the central site know the new site secret.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
(https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…)
ID: 13472
Title: fjdarye500_disks_summary: "Transform failed" during cmk-update-config
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
For services of the plugin <i>fjdarye500_disks_summary</i> the tool
<i>cmk-update-config</i> reported "Transform failed".
This is fixed now.
ID: 13471
Title: mk_logwatch: validate regular expressions upon rule creation
Component: Setup
Level: 1
Class: Bug fix
Version: 2.1.0i1
Previously invalid regular expressons in the mk_logwatch configuration where not properly validated, leading to a crash of the plugin on the monitored host.
We now validate the configured expressions during rule creation.
ID: 13469
Title: cisco_ucs_hdd: hot spares are OK to be inoperable
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
The check plugin <tt>cisco_ucs_hdd</tt> used to go to a
<i>CRITICAL</i> for all disks in the state "inoperable".
However, for hot spares this is expected.
It is now considered OK.