ID: 15374
Title: crash-reporting: Improve crash reporting information
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
In the event of a crash when calling the rest-api, having more
useful information helps find the root cause which helps
fix the issue quicker. This werk introduces the changes to
the data returned in a crash report.
ID: 15412
Title: Graphs and perfometers: Render temperatures in Kelvin without degree symbol
Component: metrics
Level: 1
Class: Bug fix
Version: 2.3.0b1
Temperatures in Kelvin are now rendered without the degree symbol in graphs and perfometers:
"341.1 K" instead of "341.1 °K".
ID: 15424
Title: Agent Bakery: Show full agent hash in GUI
Component: agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
The agent hashes of baked agent packages, as shown in the available agents table in the agent bakery GUI, now are shown entirely, rather than abbreviated to 8 digits.
While there is little benefit in abbreviating the hash, it turned out to be tedious to look up the full hash on the GUI.
ID: 15422
Title: Agent Bakery: New default UNIX agent folder permissions
Component: agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
This change will be compatible for most, if not all, users.<br>
You are only affected if you actually make use of the (now removed) group-writable flag on agent package folders.<br>
Normally, (especially when using the agent updater) the checkmk agent package files/folders will be installed with root ownership, while metadata of pre-existing folders won't be altered by the installation.<br>
Hence, only customized installation methods (e.g., unpacking the tar package with a special user) may possibly run into problems with this change.
Previously, the folders of a baked UNIX agent package were packaged with octal permissions of <tt>775</tt>.<br>
This lead to problems in some rare cases, e.g. when storing (and using) an ssh-id under an agent folder.
This has now been changed to <tt>755</tt>, as the agent's folders are owned by root and also installed under folders owned by root by default.<br>
Please note that these are the permissions of the folders as they are packaged by the agent bakery.<br>
Depending on the package manager (or <tt>tar</tt> unpack command) and the target system's umask, the installed folders may end up with other permissions.
ID: 15512
Title: Cloud VM Dashboards: replace host summary dashlet with service summary dashlet
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.3.0b1
As piggyback hosts currently do not have a host state (except UP), the overview
dashlet is replaced by an overview of the VM specfic services of the particular
cloud special agent.
ID: 13752
Title: Support Diagnostics: Add option for licensing information
Component: Setup
Level: 1
Class: New feature
Version: 2.3.0b1
The Support Diagnostics now contain, if selected, information about the licensing.
This includes files from the directories ~/var/check_mk/licensing and ~/var/log.
Having this information, the support team is able to reproduce licensing issues in your environment.
ID: 15411
Title: Render temperature units consistently with space in service outputs
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
Depending on the underlying check plugin, Checkmk rendered temperature units with or without a space
in service outputs. As of this werk, Checkmk consistently renders temperatures with a space between
the numerical value and the unit. Examples:
LI: 12.0 °C instead of 12.0°C
LI: 256.41 K instead of 256.41 K
ID: 15423
Title: Linux agent: Handle failing symmetric encryption
Component: Checks & agents
Level: 1
Class: Security fix
Version: 2.3.0b1
Prior to this Werk the symmetric encryption of agent data (if configured) would fail silently if the option "Run agent as non-root user (Linux)" was also set, since these two options are not compatible.
As a result, agent output would be sent unencrypted.
If symmetric encryption is configured, but failing, the agent will now abort immediately and transmit a message about the failure as the only output.<br>
This will then be reported at the <i>Check_MK Agent</i> service of the host, alongside a <tt>CRIT</tt> status.
<b>Affected Versions</b>:
LI: 2.2.0 (beta)
LI: 2.1.0
LI: 2.0.0
LI: 1.6.0 (EOL)
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 3.7 (Low) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</tt>.
We have assigned CVE <tt>CVE-2023-1768</tt>.
ID: 15595
Title: aux_tag: editing a builtin aux tag is not allowed
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk addresses an issue when trying to edit a builtin auxilliary tag.
Previously this would cause a 500 Internal Server Error. With this change
we now return a 404 response with an appropriate error message.