Title: Fixed value of downtimes:is_pending column
Class: fix
Compatible: compat
Component: livestatus
Date: 1723637043
Edition: cre
Level: 1
Version: 2.2.0p33
The value of the "is_pending" column in the "downtimes" Livestatus table was
inverted, which was a regression since 2.2. This has been fixed.
Title: Save scrollbar position on page load
Class: fix
Compatible: compat
Component: multisite
Date: 1723462396
Edition: cre
Level: 1
Version: 2.2.0p33
The sidebar of the main frame always scrolled back to the top after the page
load.
This was an issue if, for example, you were editing large views and had already
scrolled down before the whole page was loaded.
Title: Better handling of notification result in case of timeout
Class: fix
Compatible: compat
Component: notifications
Date: 1717580562
Edition: cre
Level: 1
Version: 2.2.0p33
Werk #16707 added useful log information to failed notifications in case of a timeout.
In some cases, this log also contained script output.
We now show the timeout message within "Summary" of the notification result
and, if available, the last output of the notification plugin followed by the
timeout message within the "Comment" column. Both are separated by "--".
Title: Fix link of "Open this Aggregation"
Class: fix
Compatible: compat
Component: multisite
Date: 1723468942
Edition: cre
Level: 1
Version: 2.2.0p33
If you used the option "Open this Aggregation" in the burger menu of a check
based on "Check State of BI Aggregation", the link led to a non-existent
page.
Werk 16615 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Remove websphere_mq plugin
Class: security
Compatible: incomp
Component: checks
Date: 1710155388
Edition: cre
Level: 1
Version: 2.2.0p26
With this Werk the <code>websphere_mq</code> plugin is removed for security reasons.
In this plugin the output of <code>ps</code> is used to determine an argument for
<code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary
command line could manipulate one argument to <code>runmqsc</code>.
The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0.
Since this plugin is already deprecated and it was not configurable via the
<em>agent bakery</em> we assumed that this plugin is not frequently used. Therefore we
decided to not fix the issue but to push the removal.
We found this vulnerability internally.
<strong>Affected versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<strong>Mitigations</strong>:
Migrate to the <code>ibm_mq</code> plugin.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>.
We assigned CVE-2024-3367 to this vulnerability.
<strong>Changes</strong>:
The plugin was removed.
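The class of bug described in this Werk, as an added example (not the removed plug-in's code, which the Werk does not show): a collector that takes a `runmqsc` argument from every `ps` line, next to one that only accepts names from processes owned by an assumed service account `mqm` and matching the IBM MQ object-name syntax. The `ps` lines, the `-m` convention and all function names are constructed for illustration.

```python
import re

# Constructed `ps -eo user,args` output; users, paths and names are made up.
SAMPLE_PS = """\
mqm      /opt/mqm/bin/amqzxma0 -m QM.PROD -u mqm
mqm      /opt/mqm/bin/runmqlsr -m QM.PROD -t TCP
mqm      /opt/mqm/bin/amqzxma0 -m QM_TEST -u mqm
alice    ./amqzxma0 -m QM.FAKE
alice    ./amqzxma0 -m --constructed-option
"""

TRUSTED_OWNER = "mqm"  # assumption: account the queue managers run under
# IBM MQ object-name character set; queue manager names are at most 48 chars.
QMGR_NAME = re.compile(r"[A-Za-z0-9._/%]{1,48}")


def candidates(ps_text):
    """Yield (owner, value following -m) for each process line that has one."""
    for line in ps_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or "-m" not in fields[1:-1]:
            continue
        argv = fields[1:]
        yield fields[0], argv[argv.index("-m") + 1]


def naive_names(ps_text):
    """Unsafe pattern: every process command line is treated as trustworthy."""
    return [name for _owner, name in candidates(ps_text)]


def is_valid_name(name):
    """Reject option-like values and anything outside the MQ name syntax."""
    return not name.startswith("-") and QMGR_NAME.fullmatch(name) is not None


def vetted_names(ps_text):
    """Accept names only from the trusted owner; argv itself is user-chosen."""
    return sorted({name for owner, name in candidates(ps_text)
                   if owner == TRUSTED_OWNER and is_valid_name(name)})


def build_argv(name):
    """Argument list for subprocess.run(); no shell, one argument per item."""
    if not is_valid_name(name):
        raise ValueError(f"refusing queue manager name {name!r}")
    return ["runmqsc", name]
```

The owner column comes from the kernel's view of the process, whereas everything in the command line is set by whoever started it, which is why the filter keys on the owner rather than on the executable path shown by `ps`.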
------------------------------------<diff>-------------------------------------------
Title: Remove websphere_mq plugin
Class: security
- Compatible: compat
? --
+ Compatible: incomp
? ++
Component: checks
Date: 1710155388
Edition: cre
Level: 1
Version: 2.2.0p26
With this Werk the <code>websphere_mq</code> plugin is removed for security reasons.
In this plugin the output of <code>ps</code> is used to determine an argument for
<code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary
command line could manipulate one argument to <code>runmqsc</code>.
The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0.
Since this plugin is already deprecated and it was not configurable via the
<em>agent bakery</em> we assumed that this plugin is not frequently used. Therefore we
decided to not fix the issue but to push the removal.
We found this vulnerability internally.
<strong>Affected versions</strong>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<strong>Mitigations</strong>:
Migrate to the <code>ibm_mq</code> plugin.
<strong>Vulnerability Management</strong>:
We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>.
We assigned CVE-2024-3367 to this vulnerability.
<strong>Changes</strong>:
The plugin was removed.
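Review bot: with "Compatible" now set to incomp, the body still names no concrete step for an administrator to take after the update; the only guidance is "Migrate to the ibm_mq plugin" under Mitigations, and Changes says just "The plugin was removed." Since the text notes the plugin was not configurable via the agent bakery, suggest stating under Changes whether a copy of websphere_mq already deployed on a host stays in place after the update and has to be deleted by hand, so readers of an incompatible Werk know what they must do.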
Title: Opsgenie: Better error handling
Class: fix
Compatible: compat
Component: notifications
Date: 1723465965
Edition: cre
Level: 1
Version: 2.2.0p33
In earlier versions some errors (like authentication failures) led to a
traceback.
Errors should be shown in a better way now.
Title: Check Point plug-ins: increase detection sensitivity
Class: fix
Compatible: compat
Component: checks
Date: 1723122722
Edition: cre
Level: 1
Version: 2.2.0p32
Some Check Point devices have not been discovered as expected.
We now additionally consider all devices where the system object
identifier points to Check Point's enterprise SNMP tree
<em>".1.3.6.1.4.1.2620"</em>.
Title: azure: Handle Azure API rate limit
Class: fix
Compatible: compat
Component: checks
Date: 1723021006
Edition: cre
Level: 1
Version: 2.2.0p32
After the changes in Azure API rate limits, the Azure agent's requests to the API
were being throttled in large Azure environments.
This fix introduces handling for throttled requests. If the rate limit is reached,
the agent will repeat the request after 5 s. If it fails again, the agent will repeat the request
after another 10 s.
Additionally, the default limits for 'Lower levels for remaining API reads' in
the 'Azure Agent Info' monitoring rule are removed.
Title: brocade_fcport: fix operating speed conversion
Class: fix
Compatible: compat
Component: checks
Date: 1720516941
Edition: cre
Level: 1
Version: 2.2.0p32
This werk affects anyone monitoring Brocade fibre channel ports
by comparing current or average throughput to certain absolute or percentage levels
via the <em>Brocade FibreChannel ports</em> rule.
In the plugin the current operating speed of the interface,
read from the SNMP interface data,
was not properly converted to GByte/s,
the unit of measurement displayed in the interface.
This resulted in an erroneous comparison of values and the related service states.
Title: CPU utilization checking: Alert if utilization is exactly at threshold for too long
Class: fix
Compatible: compat
Component: checks
Date: 1723014220
Edition: cre
Level: 1
Version: 2.2.0p32
Many CPU utilization checks can be configured to alert if the utilization is too high for too long
(configuration options <em>Levels over an extended time period on total CPU utilization</em> and <em>Levels
over an extended time period on a single core CPU utilization</em>).
Before, Checkmk alerted only if the utilization was above the threshold for too long. As of this
werk, Checkmk alerts if the utilization is above or exactly at the threshold for too long. This is
consistent with the general behavior of Checkmk to check against upper thresholds with a "greater
than or equal to" operation.