Werk 16611 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: notifications: Crash on config page when rule exists with missing permissions
Class: fix
Compatible: compat
Component: notifications
Date: 1711532390
Edition: cre
Level: 1
Version: 2.2.0p26
When a user tries to access the notification setup page where
a rule is listed for which the user does not have access rights,
the page would crash, making any changes impossible.
With this werk, the table generation is fixed and the page will
no longer crash the GUI.
------------------------------------<diff>-------------------------------------------
Title: notifications: Crash on config page when rule exists with missing permissions
Class: fix
Compatible: compat
Component: notifications
Date: 1711532390
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
When a user tries to access the notification setup page where
a rule is listed for which the user does not have access rights,
the page would crash making any changes impossible.
With this werk, the table generation is fixed and the page will
no longer crash the GUI.
Werk 16603 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_postgres: Ensure coherent string encoding
Class: fix
Compatible: compat
Component: checks
Date: 1711529016
Edition: cre
Level: 1
Version: 2.2.0p26
Postgres.cfg was always read as decoded unicode text.
This werk ensures that the text read is correctly converted to byte string format.
------------------------------------<diff>-------------------------------------------
Title: mk_postgres: Ensure coherent string encoding
Class: fix
Compatible: compat
Component: checks
Date: 1711529016
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Postgres.cfg was always read as unicode decoded.
This ensures that the read text is correctly converted to byte string format.
Werk 16605 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: check_wmi_webservices: fix CurrentConnections monitoring
Class: fix
Compatible: compat
Component: checks
Date: 1712040247
Edition: cre
Level: 1
Version: 2.2.0p26
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
------------------------------------<diff>-------------------------------------------
Title: check_wmi_webservices: fix CurrentConnections monitoring
Class: fix
Compatible: compat
Component: checks
Date: 1712040247
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
Werk 16623 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version
Class: fix
Compatible: compat
Component: inv
Date: 1710167848
Edition: cre
Level: 1
Version: 2.2.0p26
When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with
C+:
TypeError (expected string or bytes-like object)
...
File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda>
return lambda row: bool(regex.search(row.get(column, "")))
C-:
This crash has been fixed.
------------------------------------<diff>-------------------------------------------
Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version
Class: fix
Compatible: compat
Component: inv
Date: 1710167848
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with
C+:
TypeError (expected string or bytes-like object)
...
File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda>
return lambda row: bool(regex.search(row.get(column, "")))
C-:
This crash has been fixed.
Werk 16599 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: jolokia metrics: restores 'default product' behavior
Class: fix
Compatible: compat
Component: checks
Date: 1710165014
Edition: cre
Level: 1
Version: 2.2.0p26
The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration.
This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output.
------------------------------------<diff>-------------------------------------------
Title: jolokia metrics: restores 'default product' behavior
Class: fix
Compatible: compat
Component: checks
Date: 1710165014
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration.
This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output.
Werk 16615 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Remove websphere_mq plugin
Class: security
Compatible: compat
Component: checks
Date: 1710155388
Edition: cre
Level: 1
Version: 2.2.0p26
With this Werk the <code>websphere_mq</code> plugin is removed for security reasons.
In this plugin the output of <code>ps</code> is used to determine an argument for
<code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary
command line could manipulate one argument to <code>runmqsc</code>.
The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0.
Since this plugin is already deprecated and it was not configurable via the
<em>agent bakery</em> we assumed that this plugin is not frequently used. Therefore we
decided to not fix the issue but to push the removal.
We found this vulnerability internally.
<strong>Affected versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<strong>Mitigations</strong>:
Migrate to the <code>ibm_mq</code> plugin.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>.
We assigned CVE-2024-3367 to this vulnerability.
<strong>Changes</strong>:
The plugin was removed.
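The problem class this werk describes, as an added example (not the removed plugin's code and not Checkmk's): a name taken from <code>ps</code> output is chosen by whoever started the process unless owner, binary path and name syntax are checked. The listener path, the <code>mqm</code> account, the <code>-m</code> extraction and the sample process lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added illustration, not the removed plugin's code. All names are assumptions.
LC_ALL=C; export LC_ALL

# Constructed output in `ps -eo user,args` layout. Only the first process
# belongs to the MQ service account; the other two were started by another
# local user who chose the command line freely.
sample_ps() {
    cat <<'EOF'
mqm   /opt/mqm/bin/runmqlsr -r -m QM.PROD1 -t TCP -p 1414
alice /home/alice/runmqlsr -m QM.SPOOF -t TCP
alice /home/alice/runmqlsr -m QM!BAD -t TCP
EOF
}

# Weak pattern: any command line that mentions the listener is believed.
naive_qm_names() {
    awk '/runmqlsr/ { for (i = 2; i < NF; i++) if ($i == "-m") print $(i + 1) }'
}

# IBM MQ object names use A-Z a-z 0-9 . / _ % only; queue manager names are
# at most 48 characters. "-" is not in the set, so option-like values fail.
valid_qm_name() {
    case $1 in
        '' | *[!A-Za-z0-9._/%]*) return 1 ;;
    esac
    [ "${#1}" -le 48 ]
}

# Checked pattern: $1 = service account, $2 = exact binary path (both assumed).
checked_qm_names() {
    awk -v owner="$1" -v bin="$2" '$1 == owner && $2 == bin {
        for (i = 3; i < NF; i++) if ($i == "-m") print $(i + 1) }' |
    while IFS= read -r name; do
        if valid_qm_name "$name"; then printf '%s\n' "$name"; fi
    done
}

echo "naive:   $(sample_ps | naive_qm_names | tr '\n' ' ')"
echo "checked: $(sample_ps | checked_qm_names mqm /opt/mqm/bin/runmqlsr | tr '\n' ' ')"
```

The werk's remedy is unchanged by this sketch: the plugin is removed and <code>ibm_mq</code> replaces it.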
------------------------------------<diff>-------------------------------------------
Title: Remove websphere_mq plugin
Class: security
Compatible: compat
Component: checks
Date: 1710155388
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
With this Werk the <code>websphere_mq</code> plugin is removed for security reasons.
In this plugin the output of <code>ps</code> is used to determine an argument for
<code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary
command line could manipulate one argument to <code>runmqsc</code>.
The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0.
Since this plugin is already deprecated and it was not configurable via the
<em>agent bakery</em> we assumed that this plugin is not frequently used. Therefore we
decided to not fix the issue but to push the removal.
We found this vulnerability internally.
<strong>Affected versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<strong>Mitigations</strong>:
Migrate to the <code>ibm_mq</code> plugin.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>.
We assigned CVE-2024-3367 to this vulnerability.
<strong>Changes</strong>:
The plugin was removed.
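Review bot: "The plugin was removed." under Changes only covers what ships with the release; because the text says the plugin "was not configurable via the agent bakery", any copy in use was placed on the monitored host by hand and is not necessarily removed by updating. Suggest adding a sentence under Mitigations telling administrators to delete manually installed copies of websphere_mq from their hosts, in addition to migrating to ibm_mq.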
Werk 15026 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission
Class: fix
Compatible: compat
Component: wato
Date: 1710499061
Edition: cre
Level: 1
Version: 2.2.0p26
Without the "add_or_modify_executables" permission, users do not have the right
to change any executable run by Checkmk, either on the site or via the agent.
The agent config options "python_plugins" and "lnx_remote_alert_handlers" did
not yet check for that permission.
In the UI, "python_plugins" and "lnx_remote_alert_handlers" are called
"Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.
------------------------------------<diff>-------------------------------------------
Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission
Class: fix
Compatible: compat
Component: wato
Date: 1710499061
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Without the "add_or_modify_executables" permission users do not have the right
to change any executable run by checkmk, either on the site or via the agent.
The agent config options "python_plugins" and "lnx_remote_alert_handlers" have
not yet checked for that permission.
In the UI "python_plugins" and "lnx_remote_alert_handlers are called
"Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.
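Review bot: "Class: fix" understates a body that describes two agent config options which "have not yet checked for that permission" on executables, which is an authorization gap; consider "Class: security", or state in the text why it is not security-relevant, so readers filtering on security werks do not miss it. The UI sentence also has an unbalanced quote before lnx_remote_alert_handlers; close it after the option name.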
Werk 15840 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Windows agent obtains winperf data using separate process
Class: fix
Compatible: compat
Component: checks
Date: 1711121597
Edition: cre
Level: 1
Version: 2.2.0p26
This change fixes a regression introduced in 2.1.0p2.
------------------------------------<diff>-------------------------------------------
Title: Windows agent obtains winperf data using separate process
Class: fix
Compatible: compat
Component: checks
Date: 1711121597
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
This change fixes regression introduced in 2.1.0p2
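Review bot: The description "This change fixes regression introduced in 2.1.0p2" does not say what the regression was or how it showed up, so a reader cannot tell whether they are affected. Suggest naming the symptom that the separate process for winperf data resolves, and adding the missing article ("fixes a regression").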
Werk 15487 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix indentation of tree of folders snapin
Class: fix
Compatible: compat
Component: multisite
Date: 1683124911
Edition: cre
Level: 1
Version: 2.2.0p26
------------------------------------<diff>-------------------------------------------
Title: Fix indentation of tree of folders snapin
Class: fix
Compatible: compat
Component: multisite
Date: 1683124911
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
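Review bot: The description is empty after the Version field, so the title "Fix indentation of tree of folders snapin" is the only information a reader gets. Suggest one sentence saying what was indented wrongly and under which conditions it appeared.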
Werk 15320 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical
Class: fix
Compatible: compat
Component: checks
Date: 1706189999
Edition: cre
Level: 1
Version: 2.2.0p26
Stopped resources are marked <code>CRIT</code>.
If a resource was stopped and unmanaged, it was not marked as <code>CRIT</code>.
------------------------------------<diff>-------------------------------------------
Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical
Class: fix
Compatible: compat
Component: checks
Date: 1706189999
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Stopped resources are marked <code>CRIT</code>.
If a resources was stopped and unmanaged, it was not marked as <code>CRIT</code>.