Title: mssql_datafiles/transactionlogs: Regression in maximum size calculation
Class: fix
Compatible: compat
Component: checks
Date: 1694589964
Edition: cre
Level: 1
Version: 2.2.0p25
This is a follow-up to Werk #14421.
Since Checkmk 2.1.0p5, we calculate the maximum size as the sum of available
and used size for unlimited instances.
However, in some cases, we accidentally drop explicit thresholds for the
maximum size if avaiable, falling back to the unlimited case.
[//]: # (werk v2)
# Ruleset API: Rename PredictiveLevels.prefill_stddev_diff to prefill_stdev_diff
key | value
---------- | ---
date | 2024-04-08T14:16:32+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | no
This change is only relevant for plugin developers.
Werk 15515 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# check_http: Soft deprecatation of old HTTP monitoring plug-in
key | value
---------- | ---
date | 2024-04-03T13:15:48+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 2
compatible | no
The old plug-in is being deprecated in a soft way with this werk. Unlike
hard deprecation, the deprecated rule set "Check HTTP service" will remain
fully functional. However, new rules should only be created if absolutely
necessary, such as when experiencing issues with the new "Check HTTP web
service" implementation and needing to roll back to the old one.
Please note that the rule set will be hard deprecated in version 2.4.0,
meaning that you will no longer be able to create new rules. However, the
plug-in itself will remain available as this is a component of the
monitoring-plugins collection that comes with Checkmk.
Please let us know if you find any features that were present in the old
plug-in but are missing in the new one.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# check_http: Soft deprecatation of old HTTP monitoring plug-in
key | value
---------- | ---
date | 2024-04-03T13:15:48+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 2
compatible | no
The old plug-in is being deprecated in a soft way with this werk. Unlike
hard deprecation, the deprecated rule set "Check HTTP service" will remain
fully functional. However, new rules should only be created if absolutely
necessary, such as when experiencing issues with the new "Check HTTP web
service" implementation and needing to roll back to the old one.
Please note that the rule set will be hard deprecated in version 2.4.0,
meaning that you will no longer be able to create new rules. However, the
plug-in itself will remain available as this is a component of the
monitoring-plugins collection that comes with Checkmk.
- Please know us know if you find any features that were present in the old
? --------
+ Please let us know if you find any features that were present in the old
? +++++++
plug-in but are missing in the new one.
[//]: # (werk v2)
# jolokia_info: Support Version 2.0
key | value
---------- | ---
date | 2024-04-08T09:28:55+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 1
compatible | yes
Jolokia 2.0 was released 2023-12-19. With the release some changes to the Jolokia Protocol have been
introduced. If a user installed this version of Jolokia, the check plugin `jolokia_info` showed
`unknown` instead of the product information. After updating the agent plugin `mk_jolokia.py`, the
correct information will be shown again.
[//]: # (werk v2)
# Licensing: Introduce grace period for unlicensed state
key | value
---------- | ---
date | 2024-03-27T15:55:26+00:00
version | 2.4.0b1
class | fix
edition | cce
component | wato
level | 1
compatible | yes
To lessen the impact of a setup becoming unlicensed, there is now a 7 day grace period before becoming unlicensed.
In this time only warnings will be shown so that users have the opportunity to fix the licensing issues.
Title: check_wmi_webservices: fix CurrentConnections monitoring
Class: fix
Compatible: compat
Component: checks
Date: 1712040247
Edition: cre
Level: 1
Version: 2.2.0p25
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission
Class: fix
Compatible: compat
Component: wato
Date: 1710499061
Edition: cre
Level: 1
Version: 2.2.0p25
Without the "add_or_modify_executables" permission users do not have the right
to change any executable run by checkmk, either on the site or via the agent.
The agent config options "python_plugins" and "lnx_remote_alert_handlers" have
not yet checked for that permission.
In the UI "python_plugins" and "lnx_remote_alert_handlers are called
"Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.
[//]: # (werk v2)
# Crash when accessing overridden built-in dashboard
key | value
---------- | ---
date | 2024-04-03T12:32:28+00:00
version | 2.4.0b1
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
Accessing a built-in dashboard after overriding it with a custom dashboard
could cause certain dashlets to crash.
For example, you could access the built-in dashboard by clicking the link
in Customize > Dashboards > Built-in. Another way to access the built-in
dashboard is for example by having a bookmark to it.
Now this crash no longer occurs and all dashlets render correctly.
[//]: # (werk v2)
# check_wmi_webservices: fix CurrentConnections monitoring
key | value
---------- | ---
date | 2024-04-02T06:44:07+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
[//]: # (werk v2)
# Remove websphere_mq plugin
key | value
---------- | ---
date | 2024-03-11T11:09:48+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | yes
With this Werk the `websphere_mq` plugin is removed for security reasons.
In this plugin the output of `ps` is used to determine an argument for
`runmqsc`. This meant that anybody who can launch processes with an arbitrary
command line could manipulate one argument to `runmqsc`.
The plugin was already superseded by the agent plugin `ibm_mq` and deprecated with Werk [10752](https://checkmk.com/werk/10752) and version 2.0.0.
Since this plugin is already deprecated and it was not configurable via the
*agent bakery* we assumed that this plugin is not frequently used. Therefore we
decided to not fix the issue but to push the removal.
We found this vulnerability internally.
__Affected versions__:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0
__Mitigations__:
Migrate to the `ibm_mq` plugin.
__Vulnerability Management__:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N`.
We assigned CVE-2024-3367 to this vulnerability.
__Changes__:
The plugin was removed.