[//]: # (werk v2)
# Re-enable bulk service discovery in empty folders
key | value
---------- | ---
date | 2024-05-30T10:51:31+00:00
version | 2.3.0p5
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
The page menu entry "Hosts" > "In this folder" > "Run bulk service discovery" on folder setup pages was unclickable if there was no host given in the current folder, even if subfolders held hosts.
This bug is fixed to the former behavior, enabling the bulk service discovery whenever the current folder or any of its subfolders holds at least one host.
[//]: # (werk v2)
# notification rules: allow for the global http proxy configuration for plugins
key | value
---------- | ---
date | 2024-05-27T10:31:46+00:00
version | 2.3.0p5
class | fix
edition | cre
component | rest-api
level | 1
compatible | no
When configuring a notification rule with one of the following plugins
* Cisco Webex Teams
* iLert
* MS Teams
* PagerDuty
* Splunk On-Call
* SIGNL4 Alerting
the option to select a globally configured http proxy was not possible via
the REST-API. This werk addresses this issue and you can now select a globally
configured http proxy for any of the mentioned plugins.
[//]: # (werk v2)
# Re-enable bulk service discovery in empty folders
key | value
---------- | ---
date | 2024-05-30T10:51:31+00:00
version | 2.4.0b1
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
The page menu entry "Hosts" > "In this folder" > "Run bulk service discovery" on folder setup pages was unclickable if there was no host given in the current folder, even if subfolders held hosts.
This bug is fixed to the former behavior, enabling the bulk service discovery whenever the current folder or any of its subfolders holds at least one host.
[//]: # (werk v2)
# notification rules: allow for the global http proxy configuration for plugins
key | value
---------- | ---
date | 2024-05-27T10:31:46+00:00
version | 2.4.0b1
class | fix
edition | cre
component | rest-api
level | 1
compatible | no
When configuring a notification rule with one of the following plugins
* Cisco Webex Teams
* iLert
* MS Teams
* PagerDuty
* Splunk On-Call
* SIGNL4 Alerting
the option to select a globally configured http proxy was not possible via
the REST-API. This werk addresses this issue and you can now select a globally
configured http proxy for any of the mentioned plugins.
Title: disk_smb: Allow macros in 'NetBIOS name of the server' field
Class: fix
Compatible: compat
Component: checks
Date: 1716895280
Edition: cre
Level: 1
Version: 2.1.0p44
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
Title: No longer sporadically report stale services which are based on piggyback data
Class: fix
Compatible: compat
Component: checks
Date: 1699980710
Edition: cre
Level: 1
Version: 2.1.0p44
If the check interval of a host was greater than 1 minute, any of its reported piggyback data
was at risk of being ignored by the target host because of being too old.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.1.0p44
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Title: disk_smb: Allow macros in 'NetBIOS name of the server' field
Class: fix
Compatible: compat
Component: checks
Date: 1716895280
Edition: cre
Level: 1
Version: 2.2.0p28
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.