Checkmk werks level1 November 2023

checkmk-werks-lvl1@lists.checkmk.com

1 participants
219 discussions

[2.2.0] Checkmk Werk 16299 created: Fix inconsistent interaction for graphs in dashboards

by Checkmk werks level 1

Title: Fix inconsistent interaction for graphs in dashboards Class: fix Compatible: compat Component: multisite Date: 1700147621 Edition: cre Level: 1 Version: 2.2.0p15 The mouse interaction (zooming, scrolling etc.) for graphs in dashboards only worked sporadically and at seemingly random points.

10 months

[2.2.0] Checkmk Werk 15196 created: Allow CA certificates without key usage restrictions

by Checkmk werks level 1

Title: Allow CA certificates without key usage restrictions Class: fix Compatible: compat Component: wato Date: 1700470697 Edition: cre Level: 1 Version: 2.2.0p15 Prior to this Werk, certificates that did not include the KeyUsage extension were not considered CA certificates by Checkmk, as they lack the keyCertSign bit. While CAs conforming with RFC 5280 MUST include the extension and set this bit, not all do in practice. Recommendation ITU-T X.509 considers only the basicConstraint "cA" required for CAs. With this Werk, Checkmk will consider setting the cA basicConstraint but not the KeyUsage extension as valid for CA certificates. Note that certificates that do set the KeyUsage extension but lack the keyCertSign bit may still not be used for certificate signing.

10 months

[2.3.0] Checkmk Werk 15644 adapted: postgres_processes: Restore Monitoring if Instance Name is Missing

by Checkmk werks level 1

Werk 15644 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: postgres_processes: Restore Monitoring if Instance Name is Missing Class: fix Compatible: compat Component: checks Date: 1695383436 Edition: cre Knowledge: doc Level: 1 Version: 2.3.0b1 As of version 2.1.0p30 and 2.2.0p4, it was no longer possible to use the plugin postgres_instances, if the instance name was empty. In previous versions, this plugin would show a service with the item <tt>PostgreSQL Instance </tt>. This service would be OK, if there was at least one process belonging to any postgres instance, and CRIT otherwise. With this Werk, the plugin postgres_instances no longer crashes, if there is an empty instance name. The old service <tt>PostgreSQL Instance </tt> is no longer discovered. Instead the new check plugin postgres_processes can be used. ------------------------------------<diff>------------------------------------------- Title: postgres_processes: Restore Monitoring if Instance Name is Missing Class: fix Compatible: compat Component: checks Date: 1695383436 Edition: cre Knowledge: doc Level: 1 Version: 2.3.0b1 As of version 2.1.0p30 and 2.2.0p4, it was no longer possible to use the plugin postgres_instances, - if the instance name was empty, i.e. ``. In previous versions, this plugin would show a service with ? --- ------ + if the instance name was empty. In previous versions, this plugin would show a service with - the item `PostgreSQL Instance `. This service would be OK, if there was at least one process ? ^ ^ + the item <tt>PostgreSQL Instance </tt>. This service would be OK, if there was at least one process ? ^^^^ ^^^^^ belonging to any postgres instance, and CRIT otherwise. With this Werk, the plugin postgres_instances no longer crashes, if there is an empty instance name. - The old service `PostgreSQL Instance ` is no longer discovered. Instead the new check plugin ? ^ ^ + The old service <tt>PostgreSQL Instance </tt> is no longer discovered. Instead the new check plugin ? ^^^^ ^^^^^ postgres_processes can be used.

10 months

[2.3.0] Checkmk Werk 16224 created: CSRF in user-message deletion

by Checkmk werks level 1

Title: CSRF in user-message deletion Class: security Compatible: compat Component: wato Date: 1700648297 Edition: cre Level: 1 Version: 2.3.0b1 In Checkmk you can message other users via *Send user message*. Prior to this Werk an authenticated attacker who receives such a user-message could craft a link with the generated message uuid to delete the message. This link was prone to CSRF and when another user was tricked into opening this link the message was deleted possibly before the user could read it. * This vulnerability was identified through a commissioned penetration test conducted by Port Zero. Affected Versions: LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Vulnerability Management: We have rated the issue with a CVSS Score of 3.5 (Low) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N</tt>. We assigned CVE-2023-6251 to this vulnerability. Changes: This Werk adds CSRF token validation to this endpoint.

10 months

[2.3.0] Checkmk Werk 16221 created: Livestatus Injections

by Checkmk werks level 1

Title: Livestatus Injections Class: security Compatible: compat Component: wato Date: 1700066363 Edition: cre Level: 1 Version: 2.3.0b1 Prior to this Werk it was possible to inject arbitrary livestatus commands to the core via the WebUI. We found this vulnerability internally. Affected Versions: LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Vulnerability Management: We have rated the issue with a CVSS Score of 7.6 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H</tt>. We assigned CVE-2023-6156 and CVE-2023-6157 to these vulnerabilities. Changes: This Werk strips the relevant parameters of newlines.

10 months

[2.3.0] Checkmk Werk 16299 created: Fix inconsistent interaction for graphs in dashboards

by Checkmk werks level 1

Title: Fix inconsistent interaction for graphs in dashboards Class: fix Compatible: compat Component: multisite Date: 1700147621 Edition: cre Level: 1 Version: 2.3.0b1 The mouse interaction (zooming, scrolling etc.) for graphs in dashboards only worked sporadically and at seemingly random points.

10 months

[2.3.0] Checkmk Werk 15627 deleted: <tt>winperf_if</tt>: Don't Show Connected as Operation Status

by Checkmk werks level 1

Werk 15627 was deleted. The following Werk is no longer relevant. Title: <tt>winperf_if</tt>: Don't Show Connected as Operation Status Class: fix Compatible: incomp Component: checks Date: 1686554878 Edition: cre Knowledge: doc Level: 1 Version: 2.3.0b1 This change affects the <tt>Interface</tt> service on Windows nodes. The plugin <tt>winperf_if</tt> would show the operation state 'Connected', even if no information about the operation state was available. Note, the Windows Agent does not always provide the operation state. This is the case when none of the plugins are enabled. The check will now show 'Not available' instead. If you see this state, we recommend that you enable the plugins to collect the necessary data. This can be done via the <tt>Agent Bakery</tt> rule <tt>Setup > Agents > Windows, Linux, Solaris, AIX > Agent rules > Network interfaces on Windows > Add rule: Network interfaces on Windows</tt>. After potentially adjusting the agent, users should do re-discovery of the interface services. This ensures that the discovered operation state is consistent with the current behaviour. If it impossible to use the agent plugin, existing rules <tt>Network interface and switch port discovery</tt> and <tt>Network interfaces and switch ports</tt> should to be adjusted instead.

10 months

[2.3.0] Checkmk Werk 16230 created: Add cloud edition features to Managed Services Edition

by Checkmk werks level 1

Title: Add cloud edition features to Managed Services Edition Class: feature Compatible: compat Component: omd Date: 1700123142 Edition: cme Level: 3 Version: 2.3.0b1 With this werk, the Checkmk Managed Services Edition is now based on the Checkmk Cloud Edition and includes thus all features of the Checkmk Cloud Edition. A technical overview of the new features can be found in the user manual: https://docs.checkmk.com/latest/en/cce.html

10 months

[2.1.0] Checkmk Werk 15101 created: broken autocomplete select fields

by Checkmk werks level 1

Title: broken autocomplete select fields Class: fix Compatible: compat Component: wato Date: 1700476403 Edition: cre Level: 2 Version: 2.1.0p37 When a configuration form page is loaded with lots of selects, it could take a very long time for the page to load. To gain more performance, the conversion of select-fields to more user-friendly ones would be skipped whenever the conversion would have taken longer than 3 seconds. This lead to the bug that in this situation, autocomplete fields would stop working completely. This is fixed with this werk. While regular select fields can still be skipped to gain page-load performance, autocomplete will never be skipped now. There are no manual changes necessary by the user for this to take effect.

10 months

[2.1.0] Checkmk Werk 15311 created: align quoting of synchronous and asynchronous MRPE

by Checkmk werks level 1

Title: align quoting of synchronous and asynchronous MRPE Class: fix Compatible: incomp Component: checks Date: 1700489068 Edition: cre Level: 1 Version: 2.1.0p37 You are affected by this change if you use asynchronous MRPE and used double quotes (<tt>"</tt>) in the MRPE command. Quoting of mrpe commands differed between cached and non cached mrpe checks. With this Werk the quoting rules for the normal/synchronous execution of MRPE are applied to asynchronous MRPE commands. The following can now be applied to both asynchronous and normal/synchronous execution of MRPE commands: Use single quotes on the first level of quoting. This command will correctly show <tt>output with spaces</tt> in the Service output: <tt>bash -c 'echo "output with spaces"'</tt> If you execute asynchronous MRPE and the command uses double quotes on the first level of quoting, adapt it accordingly.

10 months

← Newer
1
...
5
6
7
8
9
10
11
...
22
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 November 2023