Checkmk werks level1 November 2023

checkmk-werks-lvl1@lists.checkmk.com

1 participants
219 discussions

[2.1.0] Checkmk Werk 15195 created: Protect automation user secret against timing attacks

by Checkmk werks level 1

Title: Protect automation user secret against timing attacks Class: security Compatible: compat Component: wato Date: 1700216645 Edition: cre Knowledge: undoc Level: 1 State: unknown Version: 2.1.0p37 This Werks improves how the secret of an automation user is validated during login. Prior to the Werk, the automation user's password was not checked in a way that is safe against (theoretical) timing attacks. This is fixed now. Even though this Werk improves security, it does not address an exploitable vulnerability. To aid automated scanning we assign a CVSS score of 0.0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).

10 months

[2.2.0] Checkmk Werk 15101 created: broken autocomplete select fields

by Checkmk werks level 1

Title: broken autocomplete select fields Class: fix Compatible: compat Component: wato Date: 1700476403 Edition: cre Level: 2 Version: 2.2.0p15 When a configuration form page is loaded with lots of selects, it could take a very long time for the page to load. To gain more performance, the conversion of select-fields to more user-friendly ones would be skipped whenever the conversion would have taken longer than 3 seconds. This lead to the bug that in this situation, autocomplete fields would stop working completely. This is fixed with this werk. While regular select fields can still be skipped to gain page-load performance, autocomplete will never be skipped now. There are no manual changes necessary by the user for this to take effect.

10 months

[2.2.0] Checkmk Werk 15311 created: align quoting of synchronous and asynchronous MRPE

by Checkmk werks level 1

Title: align quoting of synchronous and asynchronous MRPE Class: fix Compatible: incomp Component: checks Date: 1700489068 Edition: cre Level: 1 Version: 2.2.0p15 You are affected by this change if you use asynchronous MRPE and used double quotes (<tt>"</tt>) in the MRPE command. Quoting of mrpe commands differed between cached and non cached mrpe checks. With this Werk the quoting rules for the normal/synchronous execution of MRPE are applied to asynchronous MRPE commands. The following can now be applied to both asynchronous and normal/synchronous execution of MRPE commands: Use single quotes on the first level of quoting. This command will correctly show <tt>output with spaces</tt> in the Service output: <tt>bash -c 'echo "output with spaces"'</tt> If you execute asynchronous MRPE and the command uses double quotes on the first level of quoting, adapt it accordingly.

10 months

[2.2.0] Checkmk Werk 16303 created: Fix "Metric history" context filter on view edit

by Checkmk werks level 1

Title: Fix "Metric history" context filter on view edit Class: fix Compatible: compat Component: multisite Date: 1700552738 Edition: cee Level: 1 Version: 2.2.0p15 If you edited a view with the context filter "Metric history", the value was always "Only first 10 sorted results", even if another value was set before. This was just a problem with the default choice of the dropdown. If you used the view, the filter should have been worked as expected.

10 months

[2.2.0] Checkmk Werk 15195 created: Protect automation user secret against timing attacks

by Checkmk werks level 1

Title: Protect automation user secret against timing attacks Class: security Compatible: compat Component: wato Date: 1700216645 Edition: cre Knowledge: undoc Level: 1 State: unknown Version: 2.2.0p15 This Werks improves how the secret of an automation user is validated during login. Prior to the Werk, the automation user's password was not checked in a way that is safe against (theoretical) timing attacks. This is fixed now. Even though this Werk improves security, it does not address an exploitable vulnerability. To aid automated scanning we assign a CVSS score of 0.0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).

10 months

[2.2.0] Checkmk Werk 15310 created: oracle_crs_res: TypeError: Resource.__init__() got an unexpected keyword argument 'enabled'

by Checkmk werks level 1

Title: oracle_crs_res: TypeError: Resource.__init__() got an unexpected keyword argument 'enabled' Class: fix Compatible: compat Component: checks Date: 1700145397 Edition: cre Knowledge: doc Level: 1 Version: 2.2.0p15 Agent output changed with newer oracle databases, it now includes "enabled" data. Previous version of this check could not handle this and crashed with the following error: <tt>TypeError: Resource.__init__() got an unexpected keyword argument 'enabled'</tt> oracle_crs_res now ignores all additional data.

10 months

[2.2.0] Checkmk Werk 16294 created: ibm_imm_temp: Fix <tt>ValueError (could not convert string to float: '')</tt>

by Checkmk werks level 1

Title: ibm_imm_temp: Fix <tt>ValueError (could not convert string to float: '')</tt> Class: fix Compatible: compat Component: checks Date: 1700149060 Edition: cre Knowledge: undoc Level: 1 State: unknown Version: 2.2.0p15 This werk fixes the crash mentioned above.

10 months

[2.3.0] Checkmk Werk 15196 created: Allow CA certificates without key usage restrictions

by Checkmk werks level 1

Title: Allow CA certificates without key usage restrictions Class: fix Compatible: compat Component: wato Date: 1700470697 Edition: cre Level: 1 Version: 2.3.0b1 Prior to this Werk, certificates that did not include the KeyUsage extension were not considered CA certificates by Checkmk, as they lack the keyCertSign bit. While CAs conforming with RFC 5280 MUST include the extension and set this bit, not all do in practice. Recommendation ITU-T X.509 considers only the basicConstraint "cA" required for CAs. With this Werk, Checkmk will consider setting the cA basicConstraint but not the KeyUsage extension as valid for CA certificates. Note that certificates that do set the KeyUsage extension but lack the keyCertSign bit may still not be used for certificate signing.

10 months

[2.3.0] Checkmk Werk 15210 adapted: mk_oracle: change host and port to required fields in auth choices

by Checkmk werks level 1

Werk 15210 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: mk_oracle: change host and port to required fields in auth choices Class: fix Compatible: compat Component: wato Date: 1675686406 Edition: cre Knowledge: doc Level: 1 Version: 2.3.0b1 The Oracle plugin allowed the user to configure Login options without actually configuring any details. This also resulted in the default values for 'Hostname' or 'TCP-Port for Listener' to be ignored. This werk fixes this issue. ------------------------------------<diff>------------------------------------------- Title: mk_oracle: change host and port to required fields in auth choices Class: fix Compatible: compat Component: wato Date: 1675686406 Edition: cre Knowledge: doc Level: 1 - Version: 2.2.0i1 ? ^ ^ + Version: 2.3.0b1 ? ^ ^ The Oracle plugin allowed the user to configure Login options without actually configuring any details. This also resulted in the default values for 'Hostname' or 'TCP-Port for Listener' to be ignored. This werk fixes this issue. -

10 months

[2.3.0] Checkmk Werk 15635 adapted: citrix_state: Fix Crashing Plugins

by Checkmk werks level 1

Werk 15635 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: citrix_state: Fix Crashing Plugins Class: fix Compatible: compat Component: checks Date: 1687522021 Edition: cre Knowledge: doc Level: 1 Version: 2.3.0b1 This is a follow-up to Werk 15623. The following checks were not properly migrated in the 2.2.0 release: LI: <tt>citrix_state.hosting_server</tt> LI: <tt>citrix_state.controller</tt> LI: <tt>citrix_state</tt> With this Werk, they continue to work as they did in 2.1.0. ------------------------------------<diff>------------------------------------------- Title: citrix_state: Fix Crashing Plugins Class: fix Compatible: compat Component: checks Date: 1687522021 Edition: cre Knowledge: doc Level: 1 - Version: 2.2.0p5 ? ^ ^^ + Version: 2.3.0b1 ? ^ ^^ This is a follow-up to Werk 15623. The following checks were not properly migrated in the 2.2.0 release: LI: <tt>citrix_state.hosting_server</tt> LI: <tt>citrix_state.controller</tt> LI: <tt>citrix_state</tt> With this Werk, they continue to work as they did in 2.1.0. -

10 months

← Newer
1
...
6
7
8
9
10
11
12
...
22
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 November 2023