Werk 15320 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical
Class: fix
Compatible: compat
Component: checks
Date: 1706189999
Edition: cre
Level: 1
Version: 2.2.0p25
Stopped resources are marked <code>CRIT</code>.
If a resources was stopped and unmanaged, it was not marked as <code>CRIT</code>.
------------------------------------<diff>-------------------------------------------
Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical
Class: fix
Compatible: compat
Component: checks
Date: 1706189999
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Stopped resources are marked <code>CRIT</code>.
If a resources was stopped and unmanaged, it was not marked as <code>CRIT</code>.
Werk 16362 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Update Python version for Windows agent
Class: security
Compatible: compat
Component: checks
Date: 1709283564
Edition: cee
Level: 1
Version: 2.2.0p25
When agent plugins are configured for a windows agent the baked package for windows contains a Python version.
This version is updated from 3.11.7 to 3.11.8.
This contains an update from openssl 3.0.11 to 3.0.13 and a fix for:
* CVE-2024-0727
* CVE-2023-6237
* CVE-2023-6129
* CVE-2023-5678
* CVE-2023-5363
To our knowledge none of these vulnerabilities were exploitable in this setup.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners.
------------------------------------<diff>-------------------------------------------
Title: Update Python version for Windows agent
Class: security
Compatible: compat
Component: checks
Date: 1709283564
Edition: cee
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
When agent plugins are configured for a windows agent the baked package for windows contains a Python version.
This version is updated from 3.11.7 to 3.11.8.
This contains an update from openssl 3.0.11 to 3.0.13 and a fix for:
* CVE-2024-0727
* CVE-2023-6237
* CVE-2023-6129
* CVE-2023-5678
* CVE-2023-5363
To our knowledge none of these vulnerabilities were exploitable in this setup.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N). This CVSS is primarily meant to please automatic scanners.
Werk 16242 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Kill forked processes by mk_oracle under AIX
Class: fix
Compatible: compat
Component: checks
Date: 1709728993
Edition: cre
Level: 1
Version: 2.2.0p25
The agent plugin <code>mk_oracle</code> creates forked processes, e.g. from <code>sqlplus</code>.
In order to reliable clean up stale processes, we kill now the whole process chain under AIX
which corresponds to the stored <code>PID</code>.
We introduce this only for <code>AIX</code> now as we have customers which are affected under that OS.
------------------------------------<diff>-------------------------------------------
Title: Kill forked processes by mk_oracle under AIX
Class: fix
Compatible: compat
Component: checks
Date: 1709728993
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
The agent plugin <code>mk_oracle</code> creates forked processes, e.g. from <code>sqlplus</code>.
In order to reliable clean up stale processes, we kill now the whole process chain under AIX
which corresponds to the stored <code>PID</code>.
We introduce this only for <code>AIX</code> now as we have customers which are affected under that OS.
Werk 16210 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: folder_config: Prevent unintentional deletion of a non-empty folder
Class: fix
Compatible: incomp
Component: rest-api
Date: 1704965695
Edition: cre
Level: 1
Version: 2.2.0p25
Prior to this Werk, the REST API could delete non-empty folders without any further check. With this Werk, the endpoint now accepts the <strong>delete_method</strong> query parameter. The possible values are:
- <strong>recursive</strong>: Deletes the folder and all the elements it contains.
- <strong>abort_on_nonempty</strong>: Deletes the folder only if it is not empty
If no delete_method is provided, <strong>recursive</strong> is asumed and the behaviour is the same as before this Werk.
The enpoint will return a 409 status code when trying to delete a folder that contains hosts, rules, subfolders or is referenced by another object.
Use example:
<code>curl -X 'DELETE' 'http://example.com/my_site/check_mk/api/1.0/objects/folder_config/my_folder…' -H 'accept: <em>/</em></code>
------------------------------------<diff>-------------------------------------------
Title: folder_config: Prevent unintentional deletion of a non-empty folder
Class: fix
Compatible: incomp
Component: rest-api
Date: 1704965695
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Prior to this Werk, the REST API could delete non-empty folders without any further check. With this Werk, the endpoint now accepts the <strong>delete_method</strong> query parameter. The possible values are:
- <strong>recursive</strong>: Deletes the folder and all the elements it contains.
- <strong>abort_on_nonempty</strong>: Deletes the folder only if it is not empty
If no delete_method is provided, <strong>recursive</strong> is asumed and the behaviour is the same as before this Werk.
The enpoint will return a 409 status code when trying to delete a folder that contains hosts, rules, subfolders or is referenced by another object.
Use example:
<code>curl -X 'DELETE' 'http://example.com/my_site/check_mk/api/1.0/objects/folder_config/my_folder…' -H 'accept: <em>/</em></code>
Werk 16340 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: docker_node_images: KeyError: 'VirtualSize'
Class: fix
Compatible: compat
Component: checks
Date: 1709742514
Edition: cre
Level: 1
Version: 2.2.0p25
In newer versions of the Docker API the information about the 'VirtualSize' of a node image is not available, because it has been deprecated.
From now on the plugin will use 'VirtualSize' if available, and 'Size' if not.
------------------------------------<diff>-------------------------------------------
Title: docker_node_images: KeyError: 'VirtualSize'
Class: fix
Compatible: compat
Component: checks
Date: 1709742514
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
In newer versions of the Docker API the information about the 'VirtualSize' of a node image is not available, because it has been deprecated.
From now on the plugin will use 'VirtualSize' if available, and 'Size' if not.
Werk 16197 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: quantum_libsmall_*: Improve SNMP detection
Class: fix
Compatible: compat
Component: checks
Date: 1709035896
Edition: cre
Level: 1
Version: 2.2.0p25
Currently the SNMP detection for <code>quantum_libsmall_status</code> and <code>quantum_libsmall_door</code> checks if "linux" and "library" are contained in the sysDescr and sysLocation OIDs. To make the detection more reliable, the sysObjectID is checked against the linux object identifier and the libraryProductName .1.3.6.1.4.1.3697.1.10.10.1.10.0 against "Quantum Small Library Product".
------------------------------------<diff>-------------------------------------------
Title: quantum_libsmall_*: Improve SNMP detection
Class: fix
Compatible: compat
Component: checks
Date: 1709035896
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Currently the SNMP detection for <code>quantum_libsmall_status</code> and <code>quantum_libsmall_door</code> checks if "linux" and "library" are contained in the sysDescr and sysLocation OIDs. To make the detection more reliable, the sysObjectID is checked against the linux object identifier and the libraryProductName .1.3.6.1.4.1.3697.1.10.10.1.10.0 against "Quantum Small Library Product".
Werk 16179 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: size_trend: Treat negative free space as 0 in all cases
Class: fix
Compatible: compat
Component: checks
Date: 1710929049
Edition: cre
Level: 1
Version: 2.2.0p25
Before the version 2.2.0p21, 'Time left until full' was reported to be 0 in case of
devices reporting negative free space.
With werk 16330, we stopped reporting the metric in case of very small size changes
because it lead to infinite values. With this change the behavior was unintentionally
also changed for negative free space values.
This werk restores the same functionality in case of negative free space.
------------------------------------<diff>-------------------------------------------
Title: size_trend: Treat negative free space as 0 in all cases
Class: fix
Compatible: compat
Component: checks
Date: 1710929049
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Before the version 2.2.0p21, 'Time left until full' was reported to be 0 in case of
devices reporting negative free space.
With werk 16330, we stopped reporting the metric in case of very small size changes
because it lead to infinite values. With this change the behavior was unintentionally
also changed for negative free space values.
This werk restores the same functionality in case of negative free space.
Werk 16114 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: folder_config: Extend GET and DELETE endpoints folder name pattern to match the CREATE enpoint one
Class: fix
Compatible: compat
Component: rest-api
Date: 1696846527
Edition: cre
Level: 1
Version: 2.2.0p25
Prior to this Werk, the folder name pattern for GET and DELETE endpoints did not allow the use of unicode characters while they were supported by the CREATE endpoint, with the result that folders created with such characters could not be accessed or deleted from the REST API.
For example, the user was able to create a folder named û亿Ï8Ĺ, which then could not be read or deleted from the API.
This Werk widens the folder name pattern on GET and DELETE endpoints to align with the CREATE one and now all of them support unicode characters.
------------------------------------<diff>-------------------------------------------
Title: folder_config: Extend GET and DELETE endpoints folder name pattern to match the CREATE enpoint one
Class: fix
Compatible: compat
Component: rest-api
Date: 1696846527
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Prior to this Werk, the folder name pattern for GET and DELETE endpoints did not allow the use of unicode characters while they were supported by the CREATE endpoint, with the result that folders created with such characters could not be accessed or deleted from the REST API.
For example, the user was able to create a folder named û亿Ï8Ĺ, which then could not be read or deleted from the API.
This Werk widens the folder name pattern on GET and DELETE endpoints to align with the CREATE one and now all of them support unicode characters.
Werk 16176 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: postfix: Fix Postfix status monitoring for agents run in Docker
Class: fix
Compatible: compat
Component: checks
Date: 1710323821
Edition: cre
Level: 1
Version: 2.2.0p25
Previously, Checkmk agent used the data from /proc to determine if Postfix instance is running.
Since docker containers don't have permissions to read /proc, the agent always reported
the Postfix instance as 'not running'.
This resulted in CRIT 'Postfix status' service even if Postfix instance was running correctly.
------------------------------------<diff>-------------------------------------------
Title: postfix: Fix Postfix status monitoring for agents run in Docker
Class: fix
Compatible: compat
Component: checks
Date: 1710323821
Edition: cre
Level: 1
- Version: 2.2.0p24
? ^
+ Version: 2.2.0p25
? ^
Previously, Checkmk agent used the data from /proc to determine if Postfix instance is running.
Since docker containers don't have permissions to read /proc, the agent always reported
the Postfix instance as 'not running'.
This resulted in CRIT 'Postfix status' service even if Postfix instance was running correctly.