Checkmk werks level1 April 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
306 discussions

[2.2.0] Checkmk Werk 16611 adapted: notifications: Crash on config page when rule exists with missing permissions

by Checkmk werks level 1

Werk 16611 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: notifications: Crash on config page when rule exists with missing permissions Class: fix Compatible: compat Component: notifications Date: 1711532390 Edition: cre Level: 1 Version: 2.2.0p26 When a user tries to access the notification setup page where a rule is listed for which the user does not have access rights, the page would crash making any changes impossible. With this werk, the table generation is fixed and the page will no longer crash the GUI. ------------------------------------<diff>------------------------------------------- Title: notifications: Crash on config page when rule exists with missing permissions Class: fix Compatible: compat Component: notifications Date: 1711532390 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ When a user tries to access the notification setup page where a rule is listed for which the user does not have access rights, the page would crash making any changes impossible. With this werk, the table generation is fixed and the page will no longer crash the GUI.

5 months

[2.2.0] Checkmk Werk 16603 adapted: mk_postgres: Ensure coherent string encoding

by Checkmk werks level 1

Werk 16603 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: mk_postgres: Ensure coherent string encoding Class: fix Compatible: compat Component: checks Date: 1711529016 Edition: cre Level: 1 Version: 2.2.0p26 Postgres.cfg was always read as unicode decoded. This ensures that the read text is correctly converted to byte string format. ------------------------------------<diff>------------------------------------------- Title: mk_postgres: Ensure coherent string encoding Class: fix Compatible: compat Component: checks Date: 1711529016 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Postgres.cfg was always read as unicode decoded. This ensures that the read text is correctly converted to byte string format.

5 months

[2.2.0] Checkmk Werk 16605 adapted: check_wmi_webservices: fix CurrentConnections monitoring

by Checkmk werks level 1

Werk 16605 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: check_wmi_webservices: fix CurrentConnections monitoring Class: fix Compatible: compat Component: checks Date: 1712040247 Edition: cre Level: 1 Version: 2.2.0p26 The CurrentConnections metric was calculated "per second". We now directly show the number of connections returned by the service. ------------------------------------<diff>------------------------------------------- Title: check_wmi_webservices: fix CurrentConnections monitoring Class: fix Compatible: compat Component: checks Date: 1712040247 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ The CurrentConnections metric was calculated "per second". We now directly show the number of connections returned by the service.

5 months

[2.2.0] Checkmk Werk 16623 adapted: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version

by Checkmk werks level 1

Werk 16623 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version Class: fix Compatible: compat Component: inv Date: 1710167848 Edition: cre Level: 1 Version: 2.2.0p26 When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with C+: TypeError (expected string or bytes-like object) ... File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda> return lambda row: bool(regex.search(row.get(column, ""))) C-: This crash has been fixed. ------------------------------------<diff>------------------------------------------- Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version Class: fix Compatible: compat Component: inv Date: 1710167848 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with C+: TypeError (expected string or bytes-like object) ... File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda> return lambda row: bool(regex.search(row.get(column, ""))) C-: This crash has been fixed.

5 months

[2.2.0] Checkmk Werk 16599 adapted: jolokia metrics: restores 'default product' behavior

by Checkmk werks level 1

Werk 16599 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: jolokia metrics: restores 'default product' behavior Class: fix Compatible: compat Component: checks Date: 1710165014 Edition: cre Level: 1 Version: 2.2.0p26 The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration. This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output. ------------------------------------<diff>------------------------------------------- Title: jolokia metrics: restores 'default product' behavior Class: fix Compatible: compat Component: checks Date: 1710165014 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration. This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output.

5 months

[2.2.0] Checkmk Werk 16615 adapted: Remove websphere_mq plugin

by Checkmk werks level 1

Werk 16615 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Remove websphere_mq plugin Class: security Compatible: compat Component: checks Date: 1710155388 Edition: cre Level: 1 Version: 2.2.0p26 With this Werk the <code>websphere_mq</code> plugin is removed for security reasons. In this plugin the output of <code>ps</code> is used to determine an argument for <code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to <code>runmqsc</code>. The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0. Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal. We found this vulnerability internally. Affected versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: Migrate to the <code>ibm_mq</code> plugin. Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>. We assigned CVE-2024-3367 to this vulnerability. Changes: The plugin was removed. ------------------------------------<diff>------------------------------------------- Title: Remove websphere_mq plugin Class: security Compatible: compat Component: checks Date: 1710155388 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ With this Werk the <code>websphere_mq</code> plugin is removed for security reasons. In this plugin the output of <code>ps</code> is used to determine an argument for <code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to <code>runmqsc</code>. The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0. Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal. We found this vulnerability internally. Affected versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: Migrate to the <code>ibm_mq</code> plugin. Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>. We assigned CVE-2024-3367 to this vulnerability. Changes: The plugin was removed.

5 months

[2.2.0] Checkmk Werk 15026 adapted: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission

by Checkmk werks level 1

Werk 15026 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission Class: fix Compatible: compat Component: wato Date: 1710499061 Edition: cre Level: 1 Version: 2.2.0p26 Without the "add_or_modify_executables" permission users do not have the right to change any executable run by checkmk, either on the site or via the agent. The agent config options "python_plugins" and "lnx_remote_alert_handlers" have not yet checked for that permission. In the UI "python_plugins" and "lnx_remote_alert_handlers are called "Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively. ------------------------------------<diff>------------------------------------------- Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission Class: fix Compatible: compat Component: wato Date: 1710499061 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Without the "add_or_modify_executables" permission users do not have the right to change any executable run by checkmk, either on the site or via the agent. The agent config options "python_plugins" and "lnx_remote_alert_handlers" have not yet checked for that permission. In the UI "python_plugins" and "lnx_remote_alert_handlers are called "Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.

5 months

[2.2.0] Checkmk Werk 15840 adapted: Windows agent obtains winperf data using separate process

by Checkmk werks level 1

Werk 15840 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Windows agent obtains winperf data using separate process Class: fix Compatible: compat Component: checks Date: 1711121597 Edition: cre Level: 1 Version: 2.2.0p26 This change fixes regression introduced in 2.1.0p2 ------------------------------------<diff>------------------------------------------- Title: Windows agent obtains winperf data using separate process Class: fix Compatible: compat Component: checks Date: 1711121597 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ This change fixes regression introduced in 2.1.0p2

5 months

[2.2.0] Checkmk Werk 15487 adapted: Fix indentation of tree of folders snapin

by Checkmk werks level 1

Werk 15487 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fix indentation of tree of folders snapin Class: fix Compatible: compat Component: multisite Date: 1683124911 Edition: cre Level: 1 Version: 2.2.0p26 ------------------------------------<diff>------------------------------------------- Title: Fix indentation of tree of folders snapin Class: fix Compatible: compat Component: multisite Date: 1683124911 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^

5 months

[2.2.0] Checkmk Werk 15320 adapted: heartbeat_crm_resources: unmanaged stopped resources could not go critical

by Checkmk werks level 1

Werk 15320 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical Class: fix Compatible: compat Component: checks Date: 1706189999 Edition: cre Level: 1 Version: 2.2.0p26 Stopped resources are marked <code>CRIT</code>. If a resources was stopped and unmanaged, it was not marked as <code>CRIT</code>. ------------------------------------<diff>------------------------------------------- Title: heartbeat_crm_resources: unmanaged stopped resources could not go critical Class: fix Compatible: compat Component: checks Date: 1706189999 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Stopped resources are marked <code>CRIT</code>. If a resources was stopped and unmanaged, it was not marked as <code>CRIT</code>.

5 months

← Newer
1
...
14
15
16
17
18
19
20
...
31
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 April 2024