Werk 16652 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NVIDIA Graphics Card: Fix parsing error on new data format
Class: fix
Compatible: compat
Component: checks
Date: 1712312228
Edition: cre
Level: 1
Version: 2.2.0p26
------------------------------------<diff>-------------------------------------------
Title: NVIDIA Graphics Card: Fix parsing error on new data format
Class: fix
Compatible: compat
Component: checks
Date: 1712312228
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Werk 16508 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Make LDAP connection test errors more explicit
Class: feature
Compatible: compat
Component: wato
Date: 1709829281
Edition: cre
Level: 1
Version: 2.2.0p26
The LDAP connection test does not give enough information
about which DN configured results in an error.
This werk adds identifying information for the DN to the
error message to make it easier to identify the problem.
------------------------------------<diff>-------------------------------------------
Title: Make LDAP connection test errors more explicit
Class: feature
Compatible: compat
Component: wato
Date: 1709829281
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
The LDAP connection test does not give enough information
about which DN configured results in an error.
This werk adds identifying information for the DN to the
error message to make it easier to identify the problem.
Werk 16550 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Linux remote alert handlers not running under non-root user
Class: fix
Compatible: compat
Component: agents
Date: 1710234878
Edition: cee
Level: 1
Version: 2.2.0p26
In the ruleset <em>Remote alert handlers (Linux)</em>, you have to specify
a user under that the remote alert handler will be executed on agent side.
This user is set to <em>root</em> by default, but it's possible to choose
an arbitrary user.
But, when choosing a non-root user, the alert handlers previously
failed to execute, because the handler files got deployed with root-ownership
and were not readable by others.
To fix the problem, the ownership of the files now get changed to the specified
user.
Security note:
In general, it's important that all internal files of the Checkmk
agent have root ownership, as they might be read/executed by the Checkmk agent
under root.
However, this is not the case for remote alert handlers, as they
always get executed under the specified user.
As an additional security measure, the dispatcher on agent side
checks the ownership of installed remote alert handlers, and refuses to execute
non-root owned handlers when called via SSH with root rights.
------------------------------------<diff>-------------------------------------------
Title: Linux remote alert handlers not running under non-root user
Class: fix
Compatible: compat
Component: agents
Date: 1710234878
Edition: cee
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
In the ruleset <em>Remote alert handlers (Linux)</em>, you have to specify
a user under that the remote alert handler will be executed on agent side.
This user is set to <em>root</em> by default, but it's possible to choose
an arbitrary user.
But, when choosing a non-root user, the alert handlers previously
failed to execute, because the handler files got deployed with root-ownership
and were not readable by others.
To fix the problem, the ownership of the files now get changed to the specified
user.
Security note:
In general, it's important that all internal files of the Checkmk
agent have root ownership, as they might be read/executed by the Checkmk agent
under root.
However, this is not the case for remote alert handlers, as they
always get executed under the specified user.
As an additional security measure, the dispatcher on agent side
checks the ownership of installed remote alert handlers, and refuses to execute
non-root owned handlers when called via SSH with root rights.
Werk 16497 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: agent_aws: Use proxy for connections to 'STS' client
Class: fix
Compatible: compat
Component: checks
Date: 1709804740
Edition: cre
Level: 1
Version: 2.2.0p26
Previously, if configured, proxy was used to connect to all clients except for the 'STS' client.
This led to a crash in the agent if 'STS' client was only accessible via proxy.
Now, the configured proxy will be used for the 'STS' client as well.
------------------------------------<diff>-------------------------------------------
Title: agent_aws: Use proxy for connections to 'STS' client
Class: fix
Compatible: compat
Component: checks
Date: 1709804740
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Previously, if configured, proxy was used to connect to all clients except for the 'STS' client.
This led to a crash in the agent if 'STS' client was only accessible via proxy.
Now, the configured proxy will be used for the 'STS' client as well.
Werk 16609 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Publish permission handling for various components
Class: fix
Compatible: incomp
Component: multisite
Date: 1710410065
Edition: cre
Level: 1
Version: 2.2.0p26
Werk 13498 introduced the possibility to set limit publish permissions
to certain contact groups, sites etc. Still, the permission "Publish views"
(e.g. for publishing views) was needed to see the published views. With
Werk 16320 this has been fixed for dashboards, views and reports.
This werk fixes the behavior for the remaining components (Bookmarks, Graphs,
SLAs and Reports).
Note: Please check the respective publish configuration.
------------------------------------<diff>-------------------------------------------
Title: Publish permission handling for various components
Class: fix
Compatible: incomp
Component: multisite
Date: 1710410065
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Werk 13498 introduced the possibility to set limit publish permissions
to certain contact groups, sites etc. Still, the permission "Publish views"
(e.g. for publishing views) was needed to see the published views. With
Werk 16320 this has been fixed for dashboards, views and reports.
This werk fixes the behavior for the remaining components (Bookmarks, Graphs,
SLAs and Reports).
Note: Please check the respective publish configuration.
Werk 16611 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: notifications: Crash on config page when rule exists with missing permissions
Class: fix
Compatible: compat
Component: notifications
Date: 1711532390
Edition: cre
Level: 1
Version: 2.2.0p26
When a user tries to access the notification setup page where
a rule is listed for which the user does not have access rights,
the page would crash making any changes impossible.
With this werk, the table generation is fixed and the page will
no longer crash the GUI.
------------------------------------<diff>-------------------------------------------
Title: notifications: Crash on config page when rule exists with missing permissions
Class: fix
Compatible: compat
Component: notifications
Date: 1711532390
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
When a user tries to access the notification setup page where
a rule is listed for which the user does not have access rights,
the page would crash making any changes impossible.
With this werk, the table generation is fixed and the page will
no longer crash the GUI.
Werk 16603 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: mk_postgres: Ensure coherent string encoding
Class: fix
Compatible: compat
Component: checks
Date: 1711529016
Edition: cre
Level: 1
Version: 2.2.0p26
Postgres.cfg was always read as unicode decoded.
This ensures that the read text is correctly converted to byte string format.
------------------------------------<diff>-------------------------------------------
Title: mk_postgres: Ensure coherent string encoding
Class: fix
Compatible: compat
Component: checks
Date: 1711529016
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Postgres.cfg was always read as unicode decoded.
This ensures that the read text is correctly converted to byte string format.
Werk 16605 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: check_wmi_webservices: fix CurrentConnections monitoring
Class: fix
Compatible: compat
Component: checks
Date: 1712040247
Edition: cre
Level: 1
Version: 2.2.0p26
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
------------------------------------<diff>-------------------------------------------
Title: check_wmi_webservices: fix CurrentConnections monitoring
Class: fix
Compatible: compat
Component: checks
Date: 1712040247
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
The CurrentConnections metric was calculated "per second".
We now directly show the number of connections returned by the service.
Werk 16623 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version
Class: fix
Compatible: compat
Component: inv
Date: 1710167848
Edition: cre
Level: 1
Version: 2.2.0p26
When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with
C+:
TypeError (expected string or bytes-like object)
...
File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda>
return lambda row: bool(regex.search(row.get(column, "")))
C-:
This crash has been fixed.
------------------------------------<diff>-------------------------------------------
Title: HW/SW Inventory: Fix crash when filtering for number of sites for Checkmk version
Class: fix
Compatible: compat
Component: inv
Date: 1710167848
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
When filtering the Checkmk versions -> #Sites inventory column, a crash occurs with
C+:
TypeError (expected string or bytes-like object)
...
File "/omd/sites/oldstable/lib/python3/cmk/gui/query_filters.py", line 510, in <lambda>
return lambda row: bool(regex.search(row.get(column, "")))
C-:
This crash has been fixed.