Werk 15715 was deleted. The following Werk is no longer relevant.
Title: agent_proxmox_ve: Use statically configured IP address if set
Class: fix
Compatible: compat
Component: checks
Date: 1701627600
Edition: cre
Level: 1
Version: 2.3.0b1
The special agent always used the hostname to connect to the Proxmox VE host, even in case the host
address was configured explicitly.
Title: notification rule: update rule no longer creates a new rule
Class: fix
Compatible: compat
Component: rest-api
Date: 1702294645
Edition: cre
Level: 1
Version: 2.3.0b1
This werk addresses an issue found when updating a rule via
the REST-API. Previously, it would instead of updating an existing
rule, create a new one. We now update the existing rule as
would be expected.
Title: Privilege escalation in Agent
Class: security
Compatible: compat
Component: checks
Date: 1701938773
Edition: cre
Level: 2
Version: 2.3.0b1
In order to monitor livestatus from running sites on a host the Checkmk agent uses unixcat that is part of Checkmk.
Since the binary is linked to libraries that are also part of Checkmk and may differ from the libraries of the operating system calling unixcat outside of the scope of a site could result to errors due to version mismatches in these libraries.
To use the correct libraries in Checkmk 2.2.0p10 a fix was introduced to add the libraries from the site to the call in the agent.
Since the lib folder within a site is writable by the site a rogue site could inject malicious libraries into the unixcat call from the agent that is executed as root leading to a privilege escalation.
We thank Jan-Philipp Litza for reporting this issue.
<b>Affected Versions</b>:
LI: since 2.2.0p10
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>.
We assigned CVE-2023-31210 to this vulnerability.
<b>Changes</b>:
This Werk changes the library path from the site to the version files, which are only root-writable.
Werk 16033 was deleted. The following Werk is no longer relevant.
Title: Unable to create crash report
Class: fix
Compatible: compat
Component: checks
Date: 1701086091
Edition: cre
Level: 1
Version: 2.3.0b1
When custom check plugins that used tuples as dictionary keys in the section crashed,
the crash creation failed and crashed itself.
Now the crash creation no longer fails and the crash is created successfully.
Werk 16159 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: linux-bonding: introduce check for expected bonding mode
Class: feature
Compatible: incomp
Component: checks
Date: 1698999268
Edition: cre
Level: 1
Version: 2.3.0b1
The service monitoring rule "Linux monitoring service status"
was previously being used for both Linux and OVS. This werk
now splits this rule in two. We now have the following rules.
Bonding interface status
OVS bonding interface status
The reason behind this, is that we have now introduced an
expected mode configuration parameter only for the Linux
rule. So you are now able to select the expected bonding
mode and the state you want to display when this condition
is not met.
Actions:
Case 1: Rule configured for linux
Action: do nothing.
Case 2: Rule configured for OVS
Action: All previously configured rules will now appear as
Linux Bonding interface status rules. Therefore you will
have to delete them and create new "OVS Bonding interface
status" rules.
------------------------------------<diff>-------------------------------------------
Title: linux-bonding: introduce check for expected bonding mode
Class: feature
Compatible: incomp
Component: checks
Date: 1698999268
Edition: cre
Level: 1
Version: 2.3.0b1
The service monitoring rule "Linux monitoring service status"
was previously being used for both Linux and OVS. This werk
now splits this rule in two. We now have the following rules.
- Linux bonding interface status -> Linux
- Bonding interface status -> OVS
? -------
+ Bonding interface status
+ OVS bonding interface status
The reason behind this, is that we have now introduced an
expected mode configuration parameter only for the Linux
rule. So you are now able to select the expected bonding
mode and the state you want to display when this condition
is not met.
+ Actions:
- This also means that there is a change to the configuration.
- So, if you currently have the "Linux bonding interface status"
- rule configured, the actions you have to take are the
- following
Case 1: Rule configured for linux
- Action: The config update process will handle the update.
+ Action: do nothing.
Case 2: Rule configured for OVS
- Action: All previously configured rules will now appear
+ Action: All previously configured rules will now appear as
? +++
- as Linux Bonding interface status rules. Therefore you
? ---
+ Linux Bonding interface status rules. Therefore you will
? +++++
- will have to delete them and create new "Bonding interface
? -----
+ have to delete them and create new "OVS Bonding interface
? ++++
status" rules.
+
Title: Unable to create crash report
Class: fix
Compatible: compat
Component: checks
Date: 1701086091
Edition: cre
Level: 1
Version: 2.3.0b1
When custom check plugins that used tuples as dictionary keys in the section crashed,
the crash creation failed and crashed itself.
Now the crash creation no longer fails and the crash is created successfully.
Werk 16229 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Build Checkmk for Ubuntu-23.10 (mantic minotaur)
Class: feature
Compatible: compat
Component: omd
Date: 1699612013
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p38
With this werk, we deliver builds for Ubuntu-23.10.
<b>PLEASE NOTE:</b>
This will be the last STS Ubuntu version we will provide to the public.
Have a look at https://docs.checkmk.com/latest/en/update_matrix.html#ossupport
------------------------------------<diff>-------------------------------------------
Title: Build Checkmk for Ubuntu-23.10 (mantic minotaur)
Class: feature
Compatible: compat
Component: omd
Date: 1699612013
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
- Version: 2.1.0p37
? ^
+ Version: 2.1.0p38
? ^
With this werk, we deliver builds for Ubuntu-23.10.
<b>PLEASE NOTE:</b>
This will be the last STS Ubuntu version we will provide to the public.
Have a look at https://docs.checkmk.com/latest/en/update_matrix.html#ossupport
Werk 16299 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix inconsistent interaction for graphs in dashboards
Class: fix
Compatible: compat
Component: multisite
Date: 1700147621
Edition: cre
Level: 1
Version: 2.1.0p38
The mouse interaction (zooming, scrolling etc.) for graphs in dashboards only worked sporadically
and at seemingly random points.
------------------------------------<diff>-------------------------------------------
Title: Fix inconsistent interaction for graphs in dashboards
Class: fix
Compatible: compat
Component: multisite
Date: 1700147621
Edition: cre
Level: 1
- Version: 2.1.0p37
? ^
+ Version: 2.1.0p38
? ^
The mouse interaction (zooming, scrolling etc.) for graphs in dashboards only worked sporadically
and at seemingly random points.
Title: Cease to provide builds for Ubuntu 22.10 (Kinetic Kudu)
Class: fix
Compatible: incomp
Component: omd
Date: 1700665071
Edition: cre
Level: 1
Version: 2.1.0p38
With this werk, we cease to deliver builds for Ubuntu 22.10.
Since Ubuntu 22.10 is out of support since August 2023, it is necessary to upgrade to Ubuntu 23.04 or 23.10 before installing upcoming Checkmk builds.