[//]: # (werk v2)
# check_wmi_webservices: fix CurrentConnections monitoring
key | value
---------- | ---
date | 2024-04-02T06:44:07+00:00
version | 2.3.0b5
class | fix
edition | cre
component | checks
level | 1
compatible | yes
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
Werk 16180 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Ruleset API: Datamodel changes for Proxy FormSpec
key | value
---------- | ---
date | 2024-03-28T13:45:23+00:00
version | 2.3.0b5
class | feature
edition | cre
component | checks
level | 1
compatible | yes
This only affects plugin developers using the new API `cmk.rulesets.v1`.
The datamodel for the `Proxy`, `Levels`, `TimePeriod` and `Password` Formspecs is changed.
Use the `migrate_to_...` migration function to update your stored configurations to the newer datamodel.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Ruleset API: Datamodel changes for Proxy FormSpec
key | value
---------- | ---
date | 2024-03-28T13:45:23+00:00
version | 2.3.0b5
class | feature
edition | cre
component | checks
level | 1
compatible | yes
- This only affects plugin developers.
- The datamodel for the `Proxy` Formspec is changed.
+ This only affects plugin developers using the new API `cmk.rulesets.v1`.
+ The datamodel for the `Proxy`, `Levels`, `TimePeriod` and `Password` Formspecs is changed.
- Use the `migrate_to_proxy` migration function to update your stored configurations to the newer datamodel.
? ^^^^^
+ Use the `migrate_to_...` migration function to update your stored configurations to the newer datamodel.
? ^^^
[//]: # (werk v2)
# check_cert: New active check for advanced certificate monitoring
key | value
---------- | ---
date | 2024-04-03T13:42:35+00:00
version | 2.3.0b4
class | feature
edition | cre
component | checks
level | 2
compatible | yes
The _check_http_ plug-in was previously the only method to monitor
certificates out-of-the-box with Checkmk. With the new plug-in Checkmk
provides an extensive functionality to monitor certificates. This includes
but is not limited to certificates provided by the HTTP protocol.
With the new plug-in you can monitor all certificates provided through
a TCP connection to encrypt communication. This includes the monitoring
of
* validity times (max and remaining)
* issuer fields
* subject fields
* encryption algorithm
* alternative names
* response times
* public key algorithm and size
* serial number
As with the reworked plugin to monitor web services, you are able to
configure multiple services within a single rule.
[//]: # (werk v2)
# check_http: Soft deprecatation of old HTTP monitoring plug-in
key | value
---------- | ---
date | 2024-04-03T13:15:48+00:00
version | 2.3.0b4
class | feature
edition | cre
component | checks
level | 2
compatible | no
The old plug-in is being deprecated in a soft way with this werk. Unlike
hard deprecation, the deprecated rule set "Check HTTP service" will remain
fully functional. However, new rules should only be created if absolutely
necessary, such as when experiencing issues with the new "Check HTTP web
service" implementation and needing to roll back to the old one.
Please note that the rule set will be hard deprecated in version 2.4.0,
meaning that you will no longer be able to create new rules. However, the
plug-in itself will remain available as this is a component of the
monitoring-plugins collection that comes with Checkmk.
Please know us know if you find any features that were present in the old
plug-in but are missing in the new one.
[//]: # (werk v2)
# Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission
key | value
---------- | ---
date | 2024-03-15T10:37:41+00:00
version | 2.3.0b5
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Without the "add_or_modify_executables" permission users do not have the right
to change any executable run by checkmk, either on the site or via the agent.
The agent config options "python_plugins" and "lnx_remote_alert_handlers" have
not yet checked for that permission.
In the UI "python_plugins" and "lnx_remote_alert_handlers are called
"Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.
[//]: # (werk v2)
# mk_oracle(ps1): Follow-up to privilege escalation fix
key | value
---------- | ---
compatible | no
version | 2.3.0b5
date | 2024-04-05T11:02:27+00:00
level | 2
class | fix
component | checks
edition | cre
You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows.
Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a
regression, thereby disrupting Oracle monitoring on Windows.
This Werk addresses above mentioned issue that affects versions 2.1.0p41,
2.2.0p24, and 2.3.0b4.
Since this release, Oracle monitoring on Windows is fully supported under
condition you use an account without administrator rights or the certain
executable binaries, <tt>sqlplus.exe</tt>, <tt>tnsping.exe</tt> and, if
presented, <tt>crsctl.exe</tt> are write-protected, with the possible
exception being the Administrator.
If you are unable or prefer not to use an unprivileged account then you may
need to adjust permissions for above mentioned binaries: remove <tt>Write</tt>,
<tt>Full Control</tt> and <tt>Modify</tt> permissions for any non-Administrator
user and group.
More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.
[//]: # (werk v2)
# Fixed association of contacts with hosts/services/contactgroups
key | value
---------- | ---
date | 2024-04-05T13:48:37+00:00
version | 2.3.0b5
class | fix
edition | cre
component | livestatus
level | 3
compatible | yes
Checkmk 2.3 beta introduced a regression regarding contacts when
then Nagios core was used: The association of contacts with hosts,
services and contact groups was incorrect. A symptom of this bug
were e.g. missing hosts or services in the GUI.
[//]: # (werk v2)
# kube_persistent_volume_claim: resolve KeyError crash when Volume parameters are configured
key | value
---------- | ---
date | 2024-04-03T10:30:30+00:00
version | 2.3.0b5
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Before this update, configuring 'Volume parameters' in the PVC check plugin led to a crash. This
issue arose because the plugin was not designed to process trend size-related levels, which,
however, were anticipated by the general filesystem function handler shared among filesystem-related
check plugins. To resolve this, the general function has been modified to bypass trend computation
when a trend rule is not set, a scenario always applicable to the PVC check plugin.
[//]: # (werk v2)
# Fix XSS in graph rendering
key | value
---------- | ---
date | 2024-04-04T14:24:50+00:00
version | 2.3.0b5
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk a service name with html tags lead to cross site scripting in the graph rendering.
We found this vulnerability internally.
**Affected Versions**:
Only 2.3.0 is affected, older versions are NOT affected.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N`.
We assigned CVE-2024-2380 to this vulnerability.
**Changes**:
This Werk changes the encoding engine to use our customized JSON encoder.