ID: 14475
Title: Don't show setup menu on remote sites with WATO disabled
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
The setup menu was shown on remote sites with option "Disable configuration via
WATO on this site" enabled.
Because every entry in this menu resulted in the same message that the setup
menu can not be used, we decided to remove the menu on such sites.
ID: 14733
Title: cmk-update-agent: Prevent the minutely timer from flooding the journalctl on Linux
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The agent updater comes with a systemd timer unit that invokes cmk-update-agent minutely
in order to check for a pending installation.
We now prevent the timer (or more precisely: the corresponding service unit) from writing
status messages on every start and stop to journalctl.
A detailed log can already be found at /var/lib/check_mk_agent/cmk-update-agent.log
ID: 14369
Title: user_config: add fix to stop user being logged out when using the REST API edit endpoint
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
This werk fixes a bug in the REST API edit user endpoint. The serial count should only
increment when the client attempts to edit the auth_option nested attributes.
ID: 14745
Title: Fix "Data: b''" in notification result of event console bulk notifications
Component: Notifications
Level: 1
Class: Bug fix
Version: 2.2.0i1
The event console can send notifications with the option "Send monitoring
notification" in an event console rule enabled.
If such rule matched and a notification rule with bulk enabled matched that
notification, the notification result could contain, in addition to successful
processing, the entry "Data: b''". This happend if no graph could be found for
the host or service of the notification.
This problem exists at least since version 1.6.
Also a traceback with multiple exceptions was shown in ~/var/log/web.log.
ID: 14761
Title: SAP Hana fileinfo: negative file age causes crash
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
In the event that the SAP Hana host is in a timezone other than UTC, the
"fileinfo" check could crash reading the error message "ValueError (Cannot
render negative timespan)". This has been fixed. If you require this fix,
please deploy the agent plugin "mk_sap_hana" to the affected hosts.
The problem was that the timestamp that the timestamps of the files were
incorrectly converted from local time to UTC. In addition, the reference
timestamp (current time) used to calculate file age was determined before the
modified times of the SAP Hana files were collected. This could lead to a
scenario in which the reference timestamp was older than the modified time of
the files.
ID: 14764
Title: apc_mod_pdu_modules: total power measurement displayed at wrong scale
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The check "apc_mod_pdu_modules" assumed power measurements to be in hundreths
of kW, instead of tenths of kW as described in the device's MIB. The correct
scale is now applied.
ID: 13956
Title: The BI Pack endpoints will now check if the given contact groups actually exist
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
The BI Pack endpoint will now check if the contact groups it is given actually exists.
If that is not the case, it will respond with a validation error that has a 400 status code.
ID: 14532
Title: azure_postgresql: Monitor Azure database for PostgreSQL
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
It's now possible to monitor Azure database for PostgreSQL in Checkmk.
Six new checks have been added:
<ul>
<li>Microsoft Azure PostgreSQL Database: CPU Utilization</li>
<li>Microsoft Azure PostgreSQL Database: Connections</li>
<li>Microsoft Azure PostgreSQL Database: Memory Utilization</li>
<li>Microsoft Azure PostgreSQL Database: Network</li>
<li>Microsoft Azure PostgreSQL Database: Replication</li>
<li>Microsoft Azure PostgreSQL Database: Storage</li>
</ul>
The new services will be automatically discovered if you have
an Azure database for PostgreSQL in the resource group already monitored
in Checkmk.
ID: 14291
Title: NagVis: Updated to 1.9.34 (Fix security issues)
Component: Other Components
Level: 1
Class: Security fix
Version: 2.2.0i1
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options, could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
ID: 14742
Title: Fix combined search for tag groups
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If you used "tg:" for tag groups in combined searches, no results were shown,
even if the search would match.
This feature was broken since at least version 1.6.
You can now use combined searches like "s: MY_SERVICE tg: MY_TAG" in the
monitoring search and quicksearch again.