ID: 15591
Title: time_periods: etag now defined in the openapi schema for GET and PUT endpoints
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk fixes an issue with the openapi schema. Previously the etag
wasn't defined for the GET or the PUT endpoints. Now it is.
ID: 15459
Title: filestats: Fix crash when monitoring a symlink with a non-existing target
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
Until now, the check plugin would crash if a monitored file didn't have age and
size information. This case is possible for symlinks with a non-existing target,
files that vanished during agent plugin run and in case of errors.
Now, the affected files will be ignored when calculating age and size extremes and
the status of the file will be shown in case of 'Single file' aggregation.
ID: 15525
Title: Improve UI for edge cases in the service discovery page
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
A <a href="https://checkmk.com/de/werk/15233">recent fix</a> introduced a new message to the service discovery page in case no cached data was available for SNMP devices:
<i>Could not find any service for this host. You might need to trigger a rescan.</i>
This message was also shown if for some other reason the datasources failed, such as an unreachable host or a missconfiguration.
In those cases a rescan would obviousy not help, and the user would just get this message again.
This is now mitigated by showing a different message once a rescan has been triggered:
<i>No services found.
If you expect this host to have (vanished) services, it probably means that one of the confured data sources is not operating as expected.
Take a look at the </i>Check_MK<i> service to see what is wrong.
</i>
<b>Note:</b>
The underlying issue here is, that the service discovery currently does not report on the state of the datasources, i.e., whether even the connection to hosts was successfull.
If the connection can not be established, for instance because of changed SNMP credentials, users probably do not want to remove all of their services.
While <i>all</i> services being vanished probably alerts an attentive user, the situation is even more intransparent if one of multiple datasources only creates few services.
In such a case it is impossible to distinguish the truly vanished services from the ones only missing as a result of the failed datasource.
This more fundamental issue will be addressed in Checkmk versions 2.2 upwards.
ID: 15439
Title: site_connection: Wrong configuration was being set when live proxy global settings was set to False
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk fixes an issue with the proxy field attribute, global_settings. When it was set
to False via the rest-api, with no params option, it was incorrectly setting the
configuration for parameters to None instead of {}.
ID: 15070
Title: Drop support for weak DH ciphers
Component: Multisite
Level: 1
Class: Security fix
Version: 2.3.0b1
With this Werk two TLS ciphers are disabled from the <tt>stunnel</tt> configuration.
<tt>stunnel</tt> is used when the <i>Encrypt communication</i> option in <i>Enable Livestatus access via network (TCP)</i> or <i>Notification Spooler Configuration</i> is used.
To our knowledge no attacks on these ciphers are known, this is a hardening measure.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners.
ID: 15524
Title: Avoid confusion with MKPs 'Minimum required Checkmk version'
Component: Setup
Level: 1
Class: New feature
Version: 2.3.0b1
This only affects users that create MKPs and make use of the field 'Minimum required Checkmk version'.
This field is usually prepopulated with the version number of the site (e.g. "2.1.0p17").
We found users frequently removed the patch release number (turning it into "2.1.0"), thinking that this tranlates as "any 2.1 version".
However, it does not. "2.1.0" is the specific version released after "2.1.0b9" and before "2.1.0p1".
Consequently, an MKP that requires version 2.2.0, for instance, will not be available in verison 2.1.0b1.
This is most likely not what users wanted, so we now prompt a warning if such a version number is specified.
You can still configure it, though.
ID: 15579
Title: mk_mongodb: Added possibility to configure port via the GUI
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.3.0b1
Now it is possible to configure the port via the GUI in the existing ruleset.
ID: 15440
Title: site_connection: allow the customer field to be set when creating/updating a site connection
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk allows clients connecting to the checkmk managed edition via the
rest-api to include the customer attribute when creating or updating a site
connection. Previously this was not possible.
ID: 15458
Title: mk_filestats: bakery rule matching changed to support rule merging
Component: Setup
Level: 1
Class: New feature
Version: 2.3.0b1
The mk_filestats bakery rule matched the first applicable rule until now.
In order to allow configuring defaults, delimiters and sections separately,
the matching logic of the rule has been changed to merge rules like it's done
for the monitoring service rules.
ID: 15438
Title: site_connection: Wrong configuration was being set when creating a site with livestatus proxy daemon
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk fixes an issue with the create a site connection endpoint. Previously when
configuring a proxy with encryption disabled, a wrong config was being saved. This
werk addresses this by writing the correct config to file.