Checkmk werks level1 December 2022

checkmk-werks-lvl1@lists.checkmk.com

23 participants
74 discussions

Checkmk Werk 15006: Fix possible error on view "Crash reports"

by Ronny Bruska

ID: 15006 Title: Fix possible error on view "Crash reports" Component: Multisite Level: 1 Class: Bug fix Version: 2.2.0i1 In systems which created a lot of crash reports, an error like "No matching entries found for query: Get crashreports" could be shown if a user tries to open the view "Crash reports".

1 year, 8 months

Checkmk Werk 14568: Prometheus: incorrect metrics in Memory service

by Solomon Jacobs

ID: 14568 Title: Prometheus: incorrect metrics in Memory service Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 Previously, the Prometheus integration incorrectly reported <tt>Anonymous pages</tt> instead of reporting <tt>Mapped data</tt> and <tt>Active (anonymous)</tt>. Moreover, <tt>Active</tt> was reported in place of <tt>Active (files)</tt>. With this werk, the correct values are displayed.

1 year, 8 months

Checkmk Werk 15047: graylog_sources: Added support for a specific timeframe for the messages to be checked in

by LukaRacic

ID: 15047 Title: graylog_sources: Added support for a specific timeframe for the messages to be checked in Component: Checks & agents Level: 1 Class: New feature Version: 2.2.0i1 Added support for a new argument to be set when configuring the graylog special agent. The argument is "source_since" and allows to set a specific timeframe in which the total number of messages should be checked. If the argument is not set, the behaviour of the check will stay the same as previously. If the argument is set, instead of providing the information about the number of new messages in a specific timeframe, now the total number of messages in a specific timeframe will be provided.

1 year, 8 months

Checkmk Werk 14961: MRPE: Deprecate add_age flag

by Andreas Umbreit

ID: 14961 Title: MRPE: Deprecate add_age flag Component: agents Level: 1 Class: Bug fix Version: 2.2.0i1 Previously, there was an option to decide whether the cache age (in case of activated caching) of an MRPE check should be displayed at the corresponding service. This could be specified either at the "Execute MRPE checks" agent ruleset, or directly at the <tt>mrpe.cfg</tt> file (UNIX) or <tt>check_mk.user.yml</tt> file. This option turned out to be of limited use, as there's no advantage in not including the cache age information to the service. Hence, the new behavior is to always include the cache age information. While this option has been inactive for a while (and never has been active for Windows), it's now officially removed from the config format. Old agent rulesets will be migrated automatically; manually specified checks will continue to work, but the <tt>appendage</tt>/<tt>add_age</tt> flags will be ignored without further notice.

1 year, 8 months

Checkmk Werk 15062: Set umask to 0077 for site user

by Maximilian Wirtz

ID: 15062 Title: Set umask to 0077 for site user Component: Core & setup Level: 1 Class: New feature Version: 2.2.0i1 With this Werk we set the umask for the site user to 0077. So by default newly created files and directories are not world or group accessible. Files which need to be accessible from other users and groups have explicitly set permissions.

1 year, 8 months

Checkmk Werk 14924: Fix CSRF in add-visual endpoint

by Maximilian Wirtz

ID: 14924 Title: Fix CSRF in add-visual endpoint Component: Setup Level: 1 Class: Security fix Version: 2.2.0i1 Previously to this Werk an attacker could utilize a cross site request forgery vulnerability in Checkmk to add elements to visuals (e.g. dashboards, reports, etc.). <b>Mitigations:</b> If you are unable to update in a timely manner you could remove the permission <tt>Customize dashboards and use them</tt> and <tt>Customize reports and use them</tt> from the used roles. So the users and admins cannot edit dashboards and reports anymore. Adding a <tt>Custom url</tt> with a malicious URL is blocked by the Content-Security-Policy. All versions of Checkmk including (1.6) are subject to this vulnerability. This vulnerability was found through a self commissioned Penetration test. We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L</tt> A CVE has been requested.

1 year, 8 months

Checkmk Werk 15005: Fix possible KeyError on service graphs view

by Ronny Bruska

ID: 15005 Title: Fix possible KeyError on service graphs view Component: Multisite Level: 1 Class: Bug fix Version: 2.2.0i1 If a user had no permission "Services - Service (service)" and tried to open the view "Service graphs" (service_graphs) an error like "KeyError (service)" occurred.

1 year, 8 months

Checkmk Werk 14704: mk_mysql: Support for multiple sockets and aliases

by Sofia Colakovic

ID: 14704 Title: mk_mysql: Support for multiple sockets and aliases Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 Until now, the mk_mysql agent plugin could handle multiple sockets, but without the possibility to specify one alias per socket. Specifying multiple sockets and one alias for the whole instance would lead to missing services in the discovery. The option to configure multiple sockets was missing from the bakery. Now, the mk_mysql agent plugin can handle multiple socket-alias pairs which can be configured through the bakery. The configuration example mysql.cfg has been added to Setup > Agents > Other operating systems > Example Configurations.

1 year, 8 months

Checkmk Werk 13970: Showing the config of an agent will no longer fail with a Permission Mismatch

by Philipp Siegmantel

ID: 13970 Title: Showing the config of an agent will no longer fail with a Permission Mismatch Component: REST API Level: 1 Class: Bug fix Version: 2.2.0i1 Calling the "/objects/agent/" endpoint would always fail with a Permission Mismatch. This is no longer the case.

1 year, 8 months

Checkmk Werk 13969: ETag for root folder is not correctly generated

by Philipp Siegmantel

ID: 13969 Title: ETag for root folder is not correctly generated Component: REST API Level: 1 Class: Bug fix Version: 2.2.0i1 The ETag header for the root folder has been generated incorrectly, making it impossible to edit it through the REST API. This is no longer the case.

1 year, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 December 2022