[//]: # (werk v2)
# mysql_replica_slave: Adapt mk_mysql for MySQL version 8.0.22 and above
key | value
---------- | ---
date | 2024-09-10T12:46:28+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 1
compatible | yes

From MySQL 8.0.22, `SHOW SLAVE STATUS` is deprecated and the alias `SHOW REPLICA STATUS` should be used instead.
The statement works in the same way as before; only the terminology used for the statement and its output has changed.
For the sake of compatibility, the service name stays the same: 'MySQL Slave'.
There is no user intervention required.
Title: Fix XSS on SAML login screen
Class: security
Compatible: compat
Component: wato
Date: 1725549833
Edition: cee
Level: 1
Version: 2.2.0p34
Prior to this Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 5.1 Medium (<code>CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N</code>) and assigned <code>CVE-2024-38860</code>.
[//]: # (werk v2)
# Fix XSS on SAML login screen
key | value
---------- | ---
date | 2024-09-05T15:23:53+00:00
version | 2.3.0p16
class | security
edition | cee
component | wato
level | 1
compatible | yes

Prior to this Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.1 Medium (`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N`) and assigned `CVE-2024-38860`.
[//]: # (werk v2)
# ups_*: support for NetVision OIDs
key | value
---------- | ---
compatible | yes
version | 2.3.0p16
date | 2024-09-10T14:20:45+00:00
level | 1
class | fix
component | checks
edition | cre

Newer firmware for NetVision cards was not supported due to changed SNMP OIDs for UPS entries.
This change adds `.1.3.6.1.4.1.4555.1.1.7` and `.1.3.6.1.4.1.42610.1.4.4` to the detection lists.
[//]: # (werk v2)
# pure_storage_fa_volumes: protocol_endpoints result in DivisionByZero exception
key | value
---------- | ---
date | 2024-09-10T12:53:22+00:00
version | 2.3.0p16
class | fix
edition | cre
component | checks
level | 1
compatible | yes

Running `pure_storage_fa_volumes` on a `protocol_endpoints` entry resulted in a DivisionByZero
exception being thrown due to `total_provisioned` being 0.
This change makes `pure_storage_fa_volumes` skip `protocol_endpoint` entirely.
[//]: # (werk v2)
# Fix XSS on SAML login screen
key | value
---------- | ---
date | 2024-09-05T15:23:53+00:00
version | 2.4.0b1
class | security
edition | cee
component | wato
level | 1
compatible | yes

Prior to this Werk, attackers could craft URLs that rendered clickable HTML links in the error box on the SAML login page.
This could facilitate phishing attacks by tricking users into clicking malicious links.
Links in the error message are now escaped and no longer clickable.
This issue was identified during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.1 Medium (`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N`) and assigned `CVE-2024-38860`.