Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p37
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: dcd handle connection failure during phase 1.1 more leniently
Class: fix
Compatible: compat
Component: dcd
Date: 1699533379
Edition: cee
Knowledge: doc
Level: 1
Version: 2.1.0p37
In some cases, it is possible that the connection fails
when the dcd attempts to fetch the result from a remote site
during phase 1.1. This werk introduces proper error handling
for such scenarios in order to prevent any unexpected
follow-up behaviour.
Title: agent_elasticsearch: resolve error when requesting indices stats
Class: fix
Compatible: compat
Component: checks
Date: 1699277518
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.1.0p37
There is a special error case which arises when trying to request the
indices stats from Elasticsearch which has at least one alias
pointing to a closed index. In the previous version, the special agent
completely failed in such scenarios. This werk resolves this by
requesting only the accessible indices.
Title: Resolve Runas section in Checkmk Linux agent
Class: fix
Compatible: compat
Component: checks
Date: 1699515827
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p15
Prior to this werk, the Runas section of the Checkmk agent
contained a wrong trailing slash which resulted in an error
with the find command. As a direct consequence, some or
potentially all Runas rules were inadvertently ignored, leading
to the plugin, not intended for root, being executed with root
privileges. This werk fixes this behaviour.
Title: Limit length of Hostname
Class: security
Compatible: compat
Component: wato
Date: 1699601325
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p15
Prior to this Werk it was possible to create Hosts with arbitrary length.
Since Checkmk stores information in files which paths contain the hostname these path could exceed the allowed length leading to various errors to an extend that rendered the usage of parts of the GUI useless.
We found this vulnerability internally.
<b>Affected Versions</b>:
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 2.7 (Low) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L</tt>.
We assigned CVE-2023-23549 to this vulnerability.
<b>Changes</b>:
This Werk adds a maximum length of 253 characters for the hostname.
Title: audit log: Add options to hide object and object type
Class: feature
Compatible: compat
Component: wato
Date: 1699875661
Edition: cre
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p15
This werk introduces the option to toggle the 'object' and
'object type' columns in the audit log table.
Title: No longer sporadically report stale services which are based on piggyback data
Class: fix
Compatible: compat
Component: checks
Date: 1699980710
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p15
If the check interval of a host was greater than 1 minute, any of its reported piggyback data
was at risk of being ignored by the target host because of being too old.
Title: Prevent LDAP users from disappearing at remote sites
Class: fix
Compatible: compat
Component: multisite
Date: 1699364878
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p15
If a remote site had ldap connectors specified, which where not available at the central site,
the users on the remote site were regularly removed during activate changes.
This error was not always clearly visible, as the ldap users were resynchronised immediately after activate changes.
However, this introduced race conditions, such as users not known to the monitoring core or automatic logouts at the remote site.
Werk 16145 was deleted. The following Werk is no longer relevant.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p15
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.
Title: "Always up" hosts can always notify
Class: fix
Compatible: compat
Component: core
Date: 1699884551
Edition: cee
Knowledge: undoc
Level: 1
State: unknown
Version: 2.2.0p15
Do not postpone notifications for "always up" hosts.
The notification logic would wrongly assume that "always up" hosts may,
in fact, be down and erroneously postpone notifications. This has been
fixed, such hosts are never down.