[//]: # (werk v2)
# mk_postgres: Adapt environment file parsing
key | value
---------- | ---
date | 2024-01-31T10:45:29+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Reading variables from the environment file was adapted:
Lines starting with `#` will now be ignored.
[//]: # (werk v2)
# Skip unnecessary site activations when editing users
key | value
---------- | ---
date | 2024-08-15T06:18:56+00:00
version | 2.4.0b1
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Previously, any changes to users required site activations on all
existing sites. This created a lot of unnecessary activations where
users only exist on certain sites.
With this werk, only the sites associated with the changed users require
an activation.
[//]: # (werk v2)
# systemd_units_*_summary: Support units without description
key | value
---------- | ---
date | 2024-08-20T13:41:37+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
The parser assumed that there is always a description, but systemd seems to be
okay with units without description.
The units were still detected but some service details were missing, for example
how long the service was in a temporary state.
[//]: # (werk v2)
# systemd_units_*_summary: Handle reloading units correctly
key | value
---------- | ---
date | 2024-08-20T13:34:14+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Reloading systemd units were not handle correctly: They were always in the state
specified in "Monitoring state for any other unit state" (CRIT by default) and
ignored the "Tolerance period for 'reloading' state" configuration (30/60
seconds by default)
[//]: # (werk v2)
# REST-API: Add inventory paths to contact group endpoints
key | value
---------- | ---
date | 2024-08-20T12:35:21+00:00
version | 2.4.0b1
class | feature
edition | cre
component | rest-api
level | 1
compatible | yes
All contact group endpoints now support the configuration of the permitted
inventory paths.
[//]: # (werk v2)
# REST-API: Include customer in list group endpoints
key | value
---------- | ---
date | 2024-08-19T14:36:04+00:00
version | 2.4.0b1
class | feature
edition | cme
component | rest-api
level | 1
compatible | yes
The list endpoints for Contact, Host and Service groups now include the
customer configuration.
[//]: # (werk v2)
# Fix XSS in view page with SLA column
key | value
---------- | ---
date | 2024-08-15T12:15:13+00:00
version | 2.4.0b1
class | security
edition | cee
component | wato
level | 1
compatible | yes
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
[//]: # (werk v2)
# REST-API: error 500 on service discovery when disabling active or custom checks
key | value
---------- | ---
date | 2024-08-26T07:59:27+00:00
version | 2.4.0b1
class | fix
edition | cre
component | rest-api
level | 1
compatible | yes
When disabling an active or custom check and running the service discovery via
the REST-API, for example with the
```
/domain-types/service_discovery_run/actions/start/invoke
```
endpoint, this would cause an error 500 to be returned.
Now, the service discovery via the REST-API works as expected.
[//]: # (werk v2)
# Fix select comment removal removing all comments for acknowledgements
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-08-22T11:00:17+00:00
level | 1
class | fix
component | wato
edition | cre
When selecting and removing Acknowledgement-type comments, all non-persistent
acknowledgement comments were removed for the respective host or service, even
if they were not selected.
With this werk, only the selected comments are removed in every case. This
allows you to selectively remove acknowledgement comments without resetting the
acknowledgement status of the host or service, as long as other acknowledgement
comments are present.
The acknowledgement status is reset once all acknowledgement comments are
removed.
[//]: # (werk v2)
# Microsoft Teams: Fix notifications not being displayed
key | value
---------- | ---
date | 2024-08-21T06:48:08+00:00
version | 2.4.0b1
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
Werk #17178 updated the way notifications are displayed in MS Teams.
Unfortunately this caused them to not be displayed at all due to a version
incompatibility in the AdaptiveCard. The issue is now resolved.