[//]: # (werk v2)
# Opsgenie: Update description and message
key | value
---------- | ---
date | 2024-08-26T13:13:19+00:00
version | 2.4.0b1
class | feature
edition | cre
component | notifications
level | 1
compatible | yes
The alert's description and message will now be updated.
This requires configuring the integration team name in the plugin.
[//]: # (werk v2)
# Opsgenie: Support other notification types
key | value
---------- | ---
date | 2024-08-26T12:29:57+00:00
version | 2.4.0b1
class | feature
edition | cre
component | notifications
level | 1
compatible | no
Previously, only PROBLEM, RECOVERY and ACKNOWLEDGEMENT notifications were
supported by the Opsgenie plugin. Now the other types are also supported.
Flapping and Downtimes will add or remove tags from the alerts. Alert handler
executions will only add notes.
Due to how alerts are looked up in Opsgenie, the plugin will not be able to
update the alert if it is already closed. This means alert handler executions
that run after the recovery will not be able to add notes to the alert.
In order to enable these changes, the integration team name must be configured
in the plugin.
Title: Fix XSS in view page with SLA column
Class: security
Compatible: compat
Component: wato
Date: 1723724113
Edition: cee
Level: 1
Version: 2.1.0p47
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
<strong>Affected Versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<strong>Indicators of Compromise</strong>:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: <code>CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N</code>, and assigned <code>CVE-2024-38859</code>.
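The flaw class described in this werk, as an added example that is not Checkmk code: a title interpolated into a view cell as-is next to the escaped form, plus a check that lists SLA titles containing HTML-like markup for review. All function names and the sample titles are hypothetical and constructed for illustration.

```python
import html
import re
from typing import Iterable, List

# A tag opener or a character reference inside a field that should be plain text.
_MARKUP = re.compile(r"</?[a-zA-Z!]|&#?\w+;")

# Constructed sample titles: two plain ones, two carrying markup.
SAMPLE_TITLES = [
    "Gold 99.9%",
    "R&D uptime",
    "Web <b>tier</b>",
    "<img src=x onerror=alert(1)>",
]


def render_cell_unescaped(title: str) -> str:
    """Flawed pattern: the stored title is placed into the page as HTML."""
    return f'<td class="sla">{title}</td>'


def render_cell(title: str) -> str:
    """Hardened pattern: the title is treated as text and escaped on output."""
    return f'<td class="sla">{html.escape(title, quote=True)}</td>'


def titles_with_markup(titles: Iterable[str]) -> List[str]:
    """Return the titles that contain HTML-like markup, for manual review."""
    return [title for title in titles if _MARKUP.search(title)]


if __name__ == "__main__":
    for title in SAMPLE_TITLES:
        print(render_cell(title))
    print("review:", titles_with_markup(SAMPLE_TITLES))
```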
Title: mk_informix: Follow up for Werk 16198
Class: security
Compatible: compat
Component: checks
Date: 1721978318
Edition: cre
Level: 1
Version: 2.1.0p47
<a href="https://checkmk.com/werk/16198">Werk #16198</a> addressed potential privilege escalation by the agent plugin <code>mk_informix</code>.
However, a few call sites to the binaries <code>dbaccess</code> and <code>onstat</code> were missing the safe execution.
Those binaries are now also called in a safe way.
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS score of 5.2 (medium) with the following CVSS vector: <code>CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H</code>, and assigned <code>CVE-2024-28829</code>.
Title: cpu_utilization: allow total CPU utilization to be set above 101%
Class: fix
Compatible: compat
Component: checks
Date: 1724827504
Edition: cre
Level: 1
Version: 2.2.0p33
Before this werk, the "High utilization at" level option within the
"Levels over an extended time period on total CPU utilization" target
was limited to a maximum of 101%. However, in environments like containers,
the total CPU utilization can exceed this threshold. This werk therefore removes
the upper limit for the total value.
Title: Skip unnecessary site activations when editing users
Class: fix
Compatible: compat
Component: wato
Date: 1723702736
Edition: cre
Level: 1
Version: 2.2.0p33
Previously, any changes to users required site activations on all
existing sites. This created a lot of unnecessary activations where
users only exist on certain sites.
With this werk, only the sites associated with the changed users require
an activation.
Title: Fix Cisco Meraki missing services
Class: fix
Compatible: compat
Component: checks
Date: 1724751487
Edition: cre
Level: 1
Version: 2.2.0p33
In some rare cases, when using the Cisco Meraki Special Agent, certain services such as temperature
sensors or device status may be missing. This happened when no device name was configured for a
particular device.
These devices are now added to the main host on which the Cisco Meraki integration is configured.
If you want to monitor the device as a separate piggyback host, you must configure a name for that
device.
The missing services must be discovered by running a service discovery on the main host.
Title: Handle years in ntp output
Class: fix
Compatible: compat
Component: checks
Date: 1724757177
Edition: cre
Level: 1
Version: 2.2.0p33
This werk affects you if your last <code>ntpq</code> synchronization was more than a year ago.
A potential check crash traceback looks like:
C+:
File "/omd/sites/SITE/lib/python3/cmk/base/plugins/agent_based/ntp.py", line 67, in _ntp_fmt_time
return int(raw)
ValueError: invalid literal for int() with base 10: '3y'
C-:
The year case is now handled in the parse function.
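An added example, not the Checkmk plugin's code, of parsing the <code>when</code> column of <code>ntpq -p</code> so that a year suffix such as <code>3y</code> no longer reaches a bare <code>int()</code>. The function names and the sample output are constructed, and counting one year as 365 days is an assumption of this example.

```python
import re
from typing import Dict, Optional

# Seconds per unit suffix; a bare number is already seconds.
# Assumption of this example: one "y" is counted as 365 days.
UNIT_SECONDS = {"": 1, "m": 60, "h": 3600, "d": 86400, "y": 365 * 86400}
_AGE = re.compile(r"(\d+)([mhdy]?)", re.ASCII)

# Constructed `ntpq -p` output (documentation addresses, invented values).
SAMPLE = "\n".join([
    "     remote           refid      st t when poll reach   delay   offset  jitter",
    "==============================================================================",
    "*203.0.113.10    .GPS.            1 u   35   64  377    0.512    0.021   0.004",
    "+203.0.113.11    192.0.2.1        2 u  12m 1024  377    1.200   -0.100   0.050",
    " 203.0.113.12    .INIT.          16 u    - 1024    0    0.000    0.000   0.000",
    " 203.0.113.13    192.0.2.1        2 u   3y 1024    0    1.000    0.300   0.010",
])


def age_to_seconds(raw: str) -> Optional[int]:
    """Convert a 'when' value such as '35', '12m' or '3y' to seconds.

    Returns None for '-' (peer never heard from) and for anything else that
    does not match, so one odd field cannot crash the whole check.
    """
    match = _AGE.fullmatch(raw.strip())
    if match is None:
        return None
    value, unit = match.groups()
    return int(value) * UNIT_SECONDS[unit]


def peer_ages(ntpq_output: str) -> Dict[str, Optional[int]]:
    """Map each peer in `ntpq -p` output to the age of its last packet."""
    ages = {}
    for line in ntpq_output.splitlines()[2:]:  # skip header and ruler
        fields = line[1:].split()  # column 0 is the tally code
        if len(fields) >= 5:
            ages[fields[0]] = age_to_seconds(fields[4])
    return ages


if __name__ == "__main__":
    for peer, age in peer_ages(SAMPLE).items():
        print(peer, age)
```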
Title: Add support for MariaDB 11
Class: fix
Compatible: compat
Component: checks
Date: 1718006095
Edition: cre
Level: 1
Version: 2.2.0p33
MariaDB 11 deprecated mysql* binaries and shows an error message like:
<code>
mysqladmin: Deprecated program name. It will be removed in a future release, use ‘/usr/bin/mariadb-admin’ instead
</code>
The agent plugin now checks if the MariaDB binaries are available and prefers them over the MySQL binaries.