[//]: # (werk v2)
# REST-API: Include customer in list group endpoints
key | value
---------- | ---
date | 2024-08-19T14:36:04+00:00
version | 2.3.0p14
class | feature
edition | cme
component | rest-api
level | 1
compatible | yes
The list endpoints for Contact, Host and Service groups now include the
customer configuration.
[//]: # (werk v2)
# Fix XSS in view page with SLA column
key | value
---------- | ---
date | 2024-08-15T12:15:13+00:00
version | 2.3.0p14
class | security
edition | cee
component | wato
level | 1
compatible | yes
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
[//]: # (werk v2)
# REST-API: error 500 on service discovery when disabling active or custom checks
key | value
---------- | ---
date | 2024-08-26T07:59:27+00:00
version | 2.3.0p14
class | fix
edition | cre
component | rest-api
level | 1
compatible | yes
When disabling an active or custom check and running the service discovery via
the REST-API, for example with the
```
/domain-types/service_discovery_run/actions/start/invoke
```
endpoint, this would cause an error 500 to be returned.
Now, the service discovery via the REST-API works as expected.
[//]: # (werk v2)
# Fix select comment removal removing all comments for acknowledgements
key | value
---------- | ---
compatible | yes
version | 2.3.0p14
date | 2024-08-22T11:00:17+00:00
level | 1
class | fix
component | wato
edition | cre
When selecting and removing Acknowledgement-type comments, all non-persistent
acknowledgement comments were removed for the respective host or service, even
if they were not selected.
With this werk, only the selected comments are removed in every case. This
allows you to selectively remove acknowledgement comments without resetting the
acknowledgement status of the host or service, as long as other acknowledgement
comments are present.
The acknowledgement status is reset once all acknowledgement comments are
removed.
[//]: # (werk v2)
# chrony: change default warning level
key | value
---------- | ---
date | 2024-08-19T06:14:01+00:00
version | 2.3.0p14
class | fix
edition | cre
component | checks
level | 1
compatible | no
Chrony's default `minpoll` and `maxpoll` values are 64 seconds and 1024 seconds.
In standard situations (good internet connection, low error etc)
the interval between polls should stick near the max value (1024 seconds).
(see `https://chrony-project.org/examples.html#_client_using_public_servers`)
Beacuse of that, the default WARN alert is now set to 1025 seconds.
[//]: # (werk v2)
# Container: Support setting custom timezone
key | value
---------- | ---
date | 2024-08-21T15:44:20+00:00
version | 2.3.0p14
class | feature
edition | cre
component | packages
level | 1
compatible | yes
The checkmk containers now support setting the TZ variable for a container to specify what timezone the site should use.
The timezone information is then set for the site running inside the container.
This removes the need to mount timezone files from the host machine into a docker container.
[//]: # (werk v2)
# Make Microsoft IIS monitoring locale independent
key | value
---------- | ---
date | 2024-07-24T12:52:15+00:00
version | 2.3.0p14
class | fix
edition | cre
component | checks
level | 1
compatible | no
Previously, the agent requesting the IIS App Pool state was hard-coded
to work only on host machines localized in English.
In this werk, the agent has been updated to work independently of host
system locale.
**Incompatible Change:**
You have to redeploy the agent plugin in order to apply this feature.
[//]: # (werk v2)
# infoblox_systeminfo: Fix error 'asdict() should be called on dataclass instances' during HW/SW inventory
key | value
---------- | ---
date | 2024-08-21T06:14:48+00:00
version | 2.3.0p14
class | fix
edition | cre
component | inv
level | 1
compatible | yes
[//]: # (werk v2)
# Microsoft Teams: Fix notifications not being displayed
key | value
---------- | ---
date | 2024-08-21T06:48:08+00:00
version | 2.3.0p14
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
Werk #17178 updated the way notifications are displayed in MS Teams.
Unfortunately this caused them to not be displayed at all due to a version
incompatibility in the AdaptiveCard. The issue is now resolved.
Werk 16120 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Fixed value of downtimes:is_pending column
key | value
---------- | ---
date | 2024-08-14T12:04:03+00:00
version | 2.3.0p13
class | fix
edition | cre
component | livestatus
level | 1
compatible | yes
The value of the "is_pending" column in the "downtimes" Livestatus table was
inverted, which was a regression since 2.2. This has been fixed.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # Fixed value of dowtimes:is_pending column
+ # Fixed value of downtimes:is_pending column
? +
key | value
---------- | ---
date | 2024-08-14T12:04:03+00:00
version | 2.3.0p13
class | fix
edition | cre
component | livestatus
level | 1
compatible | yes
The value of the "is_pending" column in the "downtimes" Livestatus table was
inverted, which was a regression since 2.2. This has been fixed.