Werk 15099 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p13
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
------------------------------------<diff>-------------------------------------------
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
- Version: 2.2.0p12
? ^
+ Version: 2.2.0p13
? ^
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Title: check_mail and check_mail_loop: Enable EWS and OAuth2
Class: feature
Compatible: compat
Component: checks
Date: 1697097112
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.1.0p36
In response to the <a href="https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-o…">deprecation of basic authentication</a> for Microsoft mail services, EWS and OAuth2 are enabled for the active checks check_mail ("Check Email") and check_mail_loop ("Check Email Delivery"), as was done for check_mailboxes ("Check IMAP/EWS Mailboxes") already.
Users can now configure their respective check rules to fetch (and in case of check_mail_loop send) mails via EWS and OAuth2.
Note that some command line options for the underlying active check commands have changed. So for calling these checks directly from the command line, users will need to look into the command usage help to find the updated options. Check configurations set up in the UI, however, are migrated to the new structure and thus need no further action.
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.1.0p36
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.1.0p35
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.1.0p35
+ NagVis 1.9.38 fixes a XSS issue
+ <b>Vulnerability Management</b>:
+ We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
+ <tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ <b>Changes</b>:
+ This Werk introduces escaping for the vulnerable parameter.
+
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p12
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
+ NagVis 1.9.38 fixes a XSS issue
+ <b>Vulnerability Management</b>:
+ We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
+ <tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ <b>Changes</b>:
+ This Werk introduces escaping for the vulnerable parameter.
+
Title: Migrating ruleset systemd_services when used as static check
Class: fix
Compatible: compat
Component: wato
Date: 1697189153
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
This werk affects you, in case you've been using the ruleset systemd_services in combination with an enforced service (aka static check).
You may encounter the following error during updating to 2.2:
C+:
-| WARNING: Invalid rule configuration detected
-| Ruleset: static_checks:systemd_services
-| Title: Deprecated: Systemd single services
-| Folder: foo/bar
-| Rule nr: 1
-| Exception: You cannot save this rule. There are no elements defined for this selection yet.
C-:
This is fixed now and the update process should work without issues.
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: <Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.3.0b1
+ NagVis 1.9.38 fixes a XSS issue
+ <b>Vulnerability Management</b>:
+ We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
+ <tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ <b>Changes</b>:
+ This Werk introduces escaping for the vulnerable parameter.
+