[//]: # (werk v2)
# netapp: Fix crash when setting state in snapshot reserve service rule
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-05-28T16:33:46+00:00
level | 1
class | fix
component | checks
edition | cre
A problem in the NetApp Snapshot Reserve rule caused a crash
when setting the "State when no reserve is configured" option.
This werk fixes the bug such that the state can be defined
as expected.
[//]: # (werk v2)
# Unify and improve file system perfometers
key | value
---------- | ---
date | 2024-05-27T15:34:15+00:00
version | 2.4.0b1
class | feature
edition | cre
component | multisite
level | 1
compatible | yes
In most cases, the perfometer of file system services shows the used space in percent. However,
before this werk, in rare cases, this perfometer displayed multiple segments. In particular, this
was the case for file systems with provisioning or overcommittment. In such cases, the
interpretation of the perfometer was unclear. Therefore, as of this werk, the perfometer always
displays the used space in percent.
Furthermore, the displayed value now takes reserved space into account. Before, reserved space was
ignored when computing the usage displayed by the perfometer.
[//]: # (werk v2)
# Predictive levels: Label upper levels correctly in service graphs
key | value
---------- | ---
date | 2024-05-22T21:58:01+00:00
version | 2.4.0b1
class | fix
edition | cee
component | metrics
level | 1
compatible | yes
When using predictive levels, the predicted thresholds are automatically added to the corresponding
service graphs. For metrics declared via the new API, upper levels were by mistake labeled as lower
levels.
[//]: # (werk v2)
# hyperv_vms: Mapping of VM-to-monitoring state causes UNKNOWN services
key | value
---------- | ---
date | 2024-05-27T14:11:42+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This is a regression since Checkmk 2.3.0.
When configuring the rule _Microsoft Hyper-V Server VM state_ with option
_Translation of VM state to monitoring state: Direct mapping of VM state to monitoring state_,
the matching _VM_ services previously showed up with status _UNKNOWN_ for all VM states that were not
explicitly configured by the rule.
[//]: # (werk v2)
# Limit "Send out notification" on test to HTML and ASCII Email
key | value
---------- | ---
date | 2024-05-31T10:16:11+00:00
version | 2.4.0b1
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
If you used the option "Send out notification according to notification rules
(uncheck to avoid spam)" in "Test configuration" for other notification methods
than "HTML Email" or "ASCII Email", the processed notification script could
crash with a Traceback.
This is caused by missing notification parameters that differ for each
notification method.
We now limit the mentioned option to HTML and ASCII Email, as originally
intended.
Testing all other notification methods is still possible, but you can only send
out HTML and ASCII notifications.
ID: 16827
Title: Fix checkmk errors appearing at the bottom of the page
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0p27
A certain class of errors, including time out errors appeared at
the bottom of a page, making the error difficult to notice, especially
when viewing large tables. With this werk, these error messages
will appear on top of the page like all other errors.
ID: 16828
Title: netapp: Fix crash when setting state in snapshot reserve service rule
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0p27
A problem in the NetApp Snapshot Reserve rule caused a crash
when setting the "State when no reserve is configured" option.
This werk fixes the bug such that the state can be defined
as expected.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.1.0p44
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
------------------------------------<diff>-------------------------------------------
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.1.0p44
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
------------------------------------<diff>-------------------------------------------
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.