ID: 5240
Title: agent_netapp, environmental sensors monitoring. No longer fails if a node has no configured shelfes
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.5.0i1
This fixes the error message <tt>"NoneType" object has no attribute 'children_get'</tt>, reported by the check <tt>NetApp filer connection</tt>.
ID: 5353
Title: citrix_sessions: fixes a case where no session number was returned
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.5.0i1
In some circumstances citrix_sessions did not return values for
XenServers. This werk fixes this problem in the citrix_xenapp
PowerShell script so that always a valid session number is
returned.
ID: 5196
Title: Bumped Livestatus stack size to give regex matching more breathing room.
Component: Livestatus
Level: 1
Class: Bug fix
Version: 1.5.0i1
The current implementation of regular expression matching can use a
non-trivial amount of memory (mainly stack), and our previous memory limit
was a bit tight. This has been improved, so regular expression matching
should work more reliably.
Note that this increases the overall amount of memory allocated for
Check_MK, but for normal installations the increase should be negligible.
ID: 5195
Title: Fixed an obscure BI bug related to hard states when using the Nagios core.
Component: Livestatus
Level: 1
Class: Bug fix
Version: 1.5.0i1
Previously, the "service" table was missing a "hard_state" columnm, which
led to a rather obscure bug in BI: When the Nagios core was used and BI was
configured to use hard states and a service was in a non-OK soft state, the
service was effectively ignored by BI. This has been fixed.
ID: 5194
Title: Fixed time zone handling for Stats: columns.
Component: Livestatus
Level: 1
Class: Bug fix
Version: 1.5.0i1
The time zone specified via the Localtime: header was ignored for Stats:
columns, so their returned value was wrong when it was a time-related
column. This has been fixed.
ID: 5193
Title: Fixed authorization handling for Livestatus queries.
Component: Livestatus
Level: 1
Class: Bug fix
Version: 1.5.0i1
Depending on the monitoring core used, several columns did not respect the
AuthUser: header, so more hosts/services/groups were returned than
requested. This has been fixed.
ID: 5432
Title: Network scan: The tag for the "criticality" host tag group can now be configured
Component: WATO
Level: 1
Class: New feature
Version: 1.5.0i1
Before this change all new hosts found by the network scan were added as offline hosts
(Criticality: Do not monitor this host). It is now possible to configure this value
in the properties of the network scan.
ID: 5431
Title: Fixed possible reflected XSS using custom bookmarks
Component: Multisite
Level: 1
Class: Security fix
Version: 1.5.0i1
It was possible to create custom bookmarks by making the user open a
crafted URL. This created a bookmark in the users default bookmark list
which could be used to execute custom javascript code when the user
clicks on the just created link.
For example the user session cookies can be read and reported to the
attackers, who could then hijack the users sessions with the application.
This issue has been fixed by limiting absolute URLs in bookmarks to the
URL schemes <tt>https</tt> and <tt>http</tt>.