Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Level: 1
Version: 2.3.0b1
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Werk 15984 was deleted. The following Werk is no longer relevant.
Title: Introduce Saas edition werks
Class: feature
Compatible: compat
Component: packages
Date: 1689234864
Edition: cse
Knowledge: undoc
Level: 1
Version: 2.3.0b1
We can write saas edition werks now
Werk 16145 was deleted. The following Werk is no longer relevant.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Level: 1
Version: 2.3.0b1
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: Change factory setting for "Lock user accounts after N logon failures"
Class: feature
Compatible: incomp
Component: wato
Date: 1700034155
Edition: cre
Level: 1
Version: 2.3.0b1
The factory setting for the rule "Lock user accounts after N logon failures" changes from `unset` to `10`.
If enabled local user accounts are locked after N failed login attempts. (LDAP connected users are not affected.)
Previous to this Werk a newly created site set this value to `10` but when reset to the factory setting the option was disabled.
If you disabled this setting via "Reset to default" this setthing is now set to `10` again.
Title: Prevent LDAP users from disappearing at remote sites
Class: fix
Compatible: compat
Component: multisite
Date: 1699364878
Edition: cre
Level: 1
Version: 2.3.0b1
If a remote site had ldap connectors specified, which where not available at the central site,
the users on the remote site were regularly removed during activate changes.
This error was not always clearly visible, as the ldap users were resynchronised immediately after activate changes.
However, this introduced race conditions, such as users not known to the monitoring core or automatic logouts at the remote site.
Title: No longer sporadically report stale services which are based on piggyback data
Class: fix
Compatible: compat
Component: checks
Date: 1699980710
Edition: cre
Level: 1
Version: 2.3.0b1
If the check interval of a host was greater than 1 minute, any of its reported piggyback data
was at risk of being ignored by the target host because of being too old.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Level: 1
Version: 2.3.0b1
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: Resolve Runas section in Checkmk Linux agent
Class: fix
Compatible: compat
Component: checks
Date: 1699515827
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p37
Prior to this werk, the Runas section of the Checkmk agent
contained a wrong trailing slash which resulted in an error
with the find command. As a direct consequence, some or
potentially all Runas rules were inadvertently ignored, leading
to the plugin, not intended for root, being executed with root
privileges. This werk fixes this behaviour.
Title: Limit length of Hostname
Class: security
Compatible: compat
Component: wato
Date: 1699601325
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p37
Prior to this Werk it was possible to create Hosts with arbitrary length.
Since Checkmk stores information in files which paths contain the hostname these path could exceed the allowed length leading to various errors to an extend that rendered the usage of parts of the GUI useless.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 2.7 (Low) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L</tt>.
We assigned CVE-2023-23549 to this vulnerability.
<b>Changes</b>:
This Werk adds a maximum length of 253 characters for the hostname.
Werk 16145 was deleted. The following Werk is no longer relevant.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p37
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.