[//]: # (werk v2)
# Fix Cisco Meraki missing services
key | value
---------- | ---
date | 2024-08-27T09:38:07+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
In some rare cases, when using the Cisco Meraki Special Agent, certain services such as temperature
sensors or device status may be missing. This happened when no device name was configured for a
particular device.
These devices are now added to the main host on which the Cisco Meraki integration is configured.
If you want to monitor the device as a separate piggyback host, you must configure a name for that
device.
The missing services must be discovered by running a service discovery on the main host.
[//]: # (werk v2)
# Handle years in ntp output
key | value
---------- | ---
date | 2024-08-27T11:12:57+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This werk affects you, in case your last `ntpq` synchronization was indeed more than a year ago.
A potential check crash traceback looks like:
```
File "/omd/sites/SITE/lib/python3/cmk/base/plugins/agent_based/ntp.py", line 67, in _ntp_fmt_time
return int(raw)
ValueError: invalid literal for int() with base 10: '3y'
```
The year case is now handled in the parse function.
[//]: # (werk v2)
# mk_postgres: Adapt environment file parsing
key | value
---------- | ---
date | 2024-01-31T10:45:29+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Reading variables from the environment file was adapted:
Lines starting with `#` will now be ignored.
[//]: # (werk v2)
# Skip unnecessary site activations when editing users
key | value
---------- | ---
date | 2024-08-15T06:18:56+00:00
version | 2.4.0b1
class | fix
edition | cre
component | wato
level | 1
compatible | yes
Previously, any changes to users required site activations on all
existing sites. This created a lot of unnecessary activations where
users only exist on certain sites.
With this werk, only the sites associated with the changed users require
an activation.
[//]: # (werk v2)
# systemd_units_*_summary: Support units without description
key | value
---------- | ---
date | 2024-08-20T13:41:37+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
The parser assumed that there is always a description, but systemd seems to be
okay with units without description.
The units were still detected but some service details were missing, for example
how long the service was in a temporary state.
[//]: # (werk v2)
# systemd_units_*_summary: Handle reloading units correctly
key | value
---------- | ---
date | 2024-08-20T13:34:14+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Reloading systemd units were not handle correctly: They were always in the state
specified in "Monitoring state for any other unit state" (CRIT by default) and
ignored the "Tolerance period for 'reloading' state" configuration (30/60
seconds by default)
[//]: # (werk v2)
# REST-API: Add inventory paths to contact group endpoints
key | value
---------- | ---
date | 2024-08-20T12:35:21+00:00
version | 2.4.0b1
class | feature
edition | cre
component | rest-api
level | 1
compatible | yes
All contact group endpoints now support the configuration of the permitted
inventory paths.
[//]: # (werk v2)
# REST-API: Include customer in list group endpoints
key | value
---------- | ---
date | 2024-08-19T14:36:04+00:00
version | 2.4.0b1
class | feature
edition | cme
component | rest-api
level | 1
compatible | yes
The list endpoints for Contact, Host and Service groups now include the
customer configuration.
[//]: # (werk v2)
# Fix XSS in view page with SLA column
key | value
---------- | ---
date | 2024-08-15T12:15:13+00:00
version | 2.4.0b1
class | security
edition | cee
component | wato
level | 1
compatible | yes
Prior to this werk, the SLA (Service Level Agreement) titles were being rendered as HTML in the view page without proper escaping, leading to a potential XSS vulnerability.
**Affected Versions**:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
**Indicators of Compromise**:
Cloning the view page of untrusted users who have injected HTML into the SLA titles.
**Vulnerability Management**:
We have rated the issue with a CVSS score of 4.8 (medium) with the following CVSS vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N`, and assigned `CVE-2024-38859`.
[//]: # (werk v2)
# REST-API: error 500 on service discovery when disabling active or custom checks
key | value
---------- | ---
date | 2024-08-26T07:59:27+00:00
version | 2.4.0b1
class | fix
edition | cre
component | rest-api
level | 1
compatible | yes
When disabling an active or custom check and running the service discovery via
the REST-API, for example with the
```
/domain-types/service_discovery_run/actions/start/invoke
```
endpoint, this would cause an error 500 to be returned.
Now, the service discovery via the REST-API works as expected.