ID: 1438
Title: quicksearch: fixed various non-working quicksearch filters
Component: Multisite
Level: 2
Class: Bug Fix
Version: 1.2.5i7
Some of the view filters got renamed in the latest releases.
These changes were not considered in the quicksearch plugins which refer to these filters.
As a result the hostgroup (<i>hg:</i>) search did not work properly.
Also, some searches with multiple filters (e.g. <i>h: test s: cpu hg: testgroup</i>) omitted the
specified host- and servicegroup patterns.
ID: 1437
Title: veeam_jobs: fixed incorrect state for BackupSync job
Component: Checks & Agents
Level: 1
Class: Bug Fix
Version: 1.2.5i7
The check now reports an OK state when type is <tt>BackupSync</tt> and the current state is <tt>Idle</tt>.
Previously it checked the backup status for <tt>Idle</tt>.
ID: 1511
Title: oracle_jobs: avoid broken checks, make compatible with old version
Component: Checks & Agents
Level: 1
Class: Bug Fix
Version: 1.2.5i7
After the introduction of the necessary job owner, previous checks would fail
until reinventorized. This has been fixed. The check is now compatible with
old checks where the job owner is not yet contained in the item.
ID: 1436
Title: quicksearch: search with multiple patterns (h: / s:) no longer discards the host pattern
Component: Multisite
Level: 1
Class: Bug Fix
Version: 1.2.5i7
The host filter name of the target page was renamed from <tt>host</tt> to <tt>host_regex</tt>.
The quicksearch still used the old filter name to insert this data. Therefore the host pattern
data got discarded.
ID: 1509
Title: if, if64: New option to make inventory based on port alias
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i7
All interface checks now allow you to inventory just those ports whose
alias matches one of a list of regular expressions. This is a new
option in the WATO rule <i>Network Interface and Switch Port Inventory</i>.
This allows you to control which ports are monitored based on the alias
<b>without</b> using the alias as the service description.
ID: 1446
Title: cisco_temp_perf: Modified scan function for check to be inventorized alongside cisco_temp_sensor. Can lead to duplicate services in some cases
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i7
ID: 1069
Title: Replaced insecure auth.secret mechanism
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i7
We replaced an insecure mechanism for generating the auth.secret. This
secret is used during construction of the authentication cookies when a
user logs into the Check_MK Web GUI, so that an authentication cookie is
only valid for an individual site or a group of sites connected in a
distributed setup.
What you need to know:
When the first user accesses the Web GUI after the update to this version,
all currently valid auth cookies of all users will be invalidated. As a
result, all users will need to log in again.
In distributed setups you will also need to do a replication from the
master site (which generated a new secret) to all slave sites (which
generated another secret themselves). The replication will synchronize
the new secret of the master to all slaves, which should make the
transparent authentication between all sites work again.
ID: 1499
Title: Fixed XSS injections in different places
Component: Multisite
Level: 1
Class: Security Fix
Version: 1.2.5i7
Fixed different XSS injections in the Check_MK multisite code
where an authenticated user could inject custom script code
to be executed during page rendering.
ID: 1500
Title: Preventing livestatus injections in different places
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i7
In some places strings provided by the users, e.g. by filling values into a form,
are used to construct livestatus queries. This is, for example, done when filtering
views or executing commands.
Previous versions used the strings provided by the user directly, without
escaping or filtering characters, which could lead to problems. This has
been fixed now. The strings provided by the user are now filtered before
they are used in livestatus queries.
For the moment the only implemented action is to remove all newline (\n) characters
from the values to prevent injections of unintended livestatus queries / commands.
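The newline filtering described in werk 1500, shown as an added example that is not Check_MK's own code. The function names, the form keys and the query layout are assumptions made for illustration. Livestatus queries are line based, so the check counts how many lines a query has beyond the ones the form fields should have produced.

```python
# Added example; names and query layout are illustrative assumptions,
# not taken from the Check_MK source.

def strip_newlines(value):
    """Remove all newline characters from a user-supplied value."""
    return value.replace("\n", "")


def build_service_query(form, sanitize=True):
    """Build a Livestatus query with one Filter header per form field."""
    enc = strip_newlines if sanitize else (lambda v: v)
    lines = ["GET services", "Columns: host_name description state"]
    for column, key in (("host_name", "host"), ("description", "service")):
        if form.get(key):
            lines.append("Filter: %s ~ %s" % (column, enc(form[key])))
    # One header per line; an empty line terminates the query.
    return "\n".join(lines) + "\n\n"


def extra_line_count(query, form):
    """Lines in the query beyond GET, Columns and one Filter per field."""
    expected = 2 + sum(1 for key in ("host", "service") if form.get(key))
    return len(query.rstrip("\n").split("\n")) - expected


# Constructed form input: the host pattern carries an embedded newline
# followed by text shaped like another Livestatus header.
CONSTRUCTED_FORM = {"host": "web\nLimit: 1", "service": "cpu"}

if __name__ == "__main__":
    for sanitize in (False, True):
        query = build_service_query(CONSTRUCTED_FORM, sanitize=sanitize)
        print("sanitize=%s extra lines: %d"
              % (sanitize, extra_line_count(query, CONSTRUCTED_FORM)))
        print(query.rstrip("\n"))
```

With filtering, the embedded text stays inside the regular expression of the single `Filter:` line instead of becoming a header of its own.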
ID: 1498
Title: Fixed displaying of global settings titles / help texts
Component: WATO
Level: 1
Class: Bug Fix
Version: 1.2.5i7
Some titles were not displayed correctly or the help texts were
missing. This is fixed now.