Werk 16864 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# snmp: Fix error in SNMP context serialization introduced with werk 16862
key | value
---------- | ---
date | 2024-07-03T07:48:10+00:00
version | 2.3.0p11
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Werk 16862, which solved one SNMP context serialization bug, introduced another one.
When using SNMP contexts, the change activation crashes in 2.3.0p8.
After this Werk, SNMP contexts should work without errors.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# snmp: Fix error in SNMP context serialization introduced with werk 16862
key | value
---------- | ---
date | 2024-07-03T07:48:10+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Werk 16862, which solved one SNMP context serialization bug, introduced another one.
When using SNMP contexts, the change activation crashes in 2.3.0p8.
After this Werk, SNMP contexts should work without errors.
Werk 16440 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# kube: ValueError: not enough values to unpack
key | value
---------- | ---
date | 2024-07-12T12:02:32+00:00
version | 2.3.0p11
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This error affects users, which use the `Kubernetes` special agent, and have
enabled the option `Persistent Volume Claims`. It is a regression, which was
introduced in Checkmk version 2.3.0. Previously, the agent could crash with the
following error.
```
File "/omd/sites/cmksite/lib/python3/cmk/special_agents/utils_kubernetes/transform_any.py", line 39, in _parse_metric_sample_with_labels
value_string, *_optional_timestamp = timestamped_value.strip().split()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected at least 1, got 0)
```
This error occured sporadically, if the agent was unable to contact the
`kubelet` via the Kubernets API. The error is now reported via the `Kubelet`
Service. This is the same behaviour as in Checkmk 2.2.0.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# kube: ValueError: not enough values to unpack
key | value
---------- | ---
date | 2024-07-12T12:02:32+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This error affects users, which use the `Kubernetes` special agent, and have
enabled the option `Persistent Volume Claims`. It is a regression, which was
introduced in Checkmk version 2.3.0. Previously, the agent could crash with the
following error.
```
File "/omd/sites/cmksite/lib/python3/cmk/special_agents/utils_kubernetes/transform_any.py", line 39, in _parse_metric_sample_with_labels
value_string, *_optional_timestamp = timestamped_value.strip().split()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: not enough values to unpack (expected at least 1, got 0)
```
This error occured sporadically, if the agent was unable to contact the
`kubelet` via the Kubernets API. The error is now reported via the `Kubelet`
Service. This is the same behaviour as in Checkmk 2.2.0.
Werk 16562 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Fix automatic host registration and removal in case one remote site is not logged in
key | value
---------- | ---
date | 2024-07-08T06:09:01+00:00
version | 2.3.0p11
class | fix
edition | cre
component | wato
level | 1
compatible | yes
The automatic host registration and removal jobs are executed regularly in the
background to add or remove hosts. These are fundamental mechanisms to the
automatic host registration.
The jobs failed completely in case one remote site was configured but not logged
in, not only affecting the not logged in site, but all sites. The not logged in
site is now being skipped, leaving the mechanism intact for all other sites.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Fix automatic host registration and removal in case one remote site is not logged in
key | value
---------- | ---
date | 2024-07-08T06:09:01+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | wato
level | 1
compatible | yes
The automatic host registration and removal jobs are executed regularly in the
background to add or remove hosts. These are fundamental mechanisms to the
automatic host registration.
The jobs failed completely in case one remote site was configured but not logged
in, not only affecting the not logged in site, but all sites. The not logged in
site is now being skipped, leaving the mechanism intact for all other sites.
Werk 17010 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# XSS in SQL check parameters
key | value
---------- | ---
date | 2024-06-17T10:08:19+00:00
version | 2.3.0p11
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk an attacher could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (probably older versions as well)
**Indicators of Compromis**:
The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# XSS in SQL check parameters
key | value
---------- | ---
date | 2024-06-17T10:08:19+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk an attacher could add HTML to one parameter of the *Check SQL database* rule which was executed on the overview page.
We found this vulnerability internally.
**Affected Versions**:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (probably older versions as well)
**Indicators of Compromis**:
The creation of such rules is logged in the audit log. You can therefore check the `wato_audit.log` either on the terminal or in the UI for entries that contain malicious HTML.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L`
We assigned CVE-2024-6052 to this vulnerability.
**Changes**:
This Werk fixes the escaping.
Werk 16753 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# HW/SW Inventory: Fix missing joined service columns if a service is assigned to a cluster
key | value
---------- | ---
date | 2024-07-01T14:32:58+00:00
version | 2.3.0p11
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# HW/SW Inventory: Fix missing joined service columns if a service is assigned to a cluster
key | value
---------- | ---
date | 2024-07-01T14:32:58+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
Werk 16863 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
key | value
---------- | ---
compatible | yes
version | 2.3.0p11
date | 2024-06-28T14:34:01+00:00
level | 1
class | fix
component | checks
edition | cre
The backup log format changed in Proxmox version 3.2.4 which resulted in a crash
in the Proxmox special agent.
The special agent can now handle both old and the new format of backup log messages.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# proxmox: Fix log parsing crash for Proxmox versions 3.2.4 and newer
key | value
---------- | ---
compatible | yes
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
date | 2024-06-28T14:34:01+00:00
level | 1
class | fix
component | checks
edition | cre
The backup log format changed in Proxmox version 3.2.4 which resulted in a crash
in the Proxmox special agent.
The special agent can now handle both old and the new format of backup log messages.
Werk 17031 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# TrippLite UPS: discover devices with .1.3.6.1.4.1.850.1 as sysObjectID
key | value
---------- | ---
date | 2024-06-26T16:13:34+00:00
version | 2.3.0p11
class | feature
edition | cre
component | checks
level | 1
compatible | yes
TrippLite UPSs use OID .1.3.6.1.4.1.850.1 as sysObjectID.
These devices are currently not discovered and monitored.
This has now been changed and they will be discovered.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# TrippLite UPS: discover devices with .1.3.6.1.4.1.850.1 as sysObjectID
key | value
---------- | ---
date | 2024-06-26T16:13:34+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | feature
edition | cre
component | checks
level | 1
compatible | yes
TrippLite UPSs use OID .1.3.6.1.4.1.850.1 as sysObjectID.
These devices are currently not discovered and monitored.
This has now been changed and they will be discovered.
Werk 17063 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Delete PDF tmp files older one day
key | value
---------- | ---
date | 2024-07-08T07:04:56+00:00
version | 2.3.0p11
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Werk #15125 introduced a cleanup mechanism for old PFD tmp files but deleted
files older 48hours.
Now files older than one day are deleted.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Delete PDF tmp files older one day
key | value
---------- | ---
date | 2024-07-08T07:04:56+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Werk #15125 introduced a cleanup mechanism for old PFD tmp files but deleted
files older 48hours.
Now files older than one day are deleted.
Werk 17061 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Show correct host alias in context of test notifications
key | value
---------- | ---
date | 2024-07-04T12:55:43+00:00
version | 2.3.0p11
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
The hostname was shown instead of the alias in the context of a test
notification, even if an alias was defined for the host.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Show correct host alias in context of test notifications
key | value
---------- | ---
date | 2024-07-04T12:55:43+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
The hostname was shown instead of the alias in the context of a test
notification, even if an alias was defined for the host.
Werk 16439 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# redis: Add Log Rotation
key | value
---------- | ---
date | 2024-07-08T06:33:26+00:00
version | 2.3.0p11
class | fix
edition | cre
component | omd
level | 1
compatible | yes
Previously, the file `var/log/redis-server.log` would not be rotated. If you are unable to upgrade,
you can adjust the file in `$OMD_ROOT/etc/logrotate.d/redis`.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# redis: Add Log Rotation
key | value
---------- | ---
date | 2024-07-08T06:33:26+00:00
- version | 2.3.0p10
? ^
+ version | 2.3.0p11
? ^
class | fix
edition | cre
component | omd
level | 1
compatible | yes
Previously, the file `var/log/redis-server.log` would not be rotated. If you are unable to upgrade,
you can adjust the file in `$OMD_ROOT/etc/logrotate.d/redis`.