Werk 16043 was deleted. The following Werk is no longer relevant.
Title: check_mail and check_mail_loop: Enable EWS and OAuth2
Class: feature
Compatible: compat
Component: checks
Date: 1697097112
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.1.0p36
In response to the <a href="https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-o…">deprecation of basic authentication</a> for Microsoft mail services, EWS and OAuth2 are enabled for the active checks check_mail ("Check Email") and check_mail_loop ("Check Email Delivery"), as was done for check_mailboxes ("Check IMAP/EWS Mailboxes") already.
Users can now configure their respective check rules to fetch (and in case of check_mail_loop send) mails via EWS and OAuth2.
Note that some command line options for the underlying active check commands have changed. So for calling these checks directly from the command line, users will need to look into the command usage help to find the updated options. Check configurations set up in the UI, however, are migrated to the new structure and thus need no further action.
Title: rule_notifications: allow 3rd party plugins via the REST-API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696857473
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p13
This werk introduces a fix that allows rule notifications to use
3rd party / custom plugins.
Werk 15099 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p13
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
------------------------------------<diff>-------------------------------------------
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
- Version: 2.2.0p12
? ^
+ Version: 2.2.0p13
? ^
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Title: check_mail and check_mail_loop: Enable EWS and OAuth2
Class: feature
Compatible: compat
Component: checks
Date: 1697097112
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.1.0p36
In response to the <a href="https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-o…">deprecation of basic authentication</a> for Microsoft mail services, EWS and OAuth2 are enabled for the active checks check_mail ("Check Email") and check_mail_loop ("Check Email Delivery"), as was done for check_mailboxes ("Check IMAP/EWS Mailboxes") already.
Users can now configure their respective check rules to fetch (and in case of check_mail_loop send) mails via EWS and OAuth2.
Note that some command line options for the underlying active check commands have changed. So for calling these checks directly from the command line, users will need to look into the command usage help to find the updated options. Check configurations set up in the UI, however, are migrated to the new structure and thus need no further action.
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.1.0p36
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.1.0p35
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.1.0p35
+ NagVis 1.9.38 fixes a XSS issue
+ <b>Vulnerability Management</b>:
+ We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
+ <tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ <b>Changes</b>:
+ This Werk introduces escaping for the vulnerable parameter.
+
Title: crash when calling bulk-delete via the REST API
Class: fix
Compatible: compat
Component: rest-api
Date: 1696950736
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p12
Previously, when doing a bulk_delete operation via the REST API,
an exception could occur under certain conditions, most notably
one where the DCD (Dynamic Configuration Daemon) is configured
to automatically delete hosts without piggyback data.
If the error occured, in the logs these lines are occuring:
<pre>
PermissionError: Required permissions not declared for this endpoint.
Endpoint: >Endpoint cmk.gui.plugins.openapi.endpoints.host_config:bulk_delete>
Permission: general.see_all
Used permission: {'wato.all_folders', 'general.see_all', 'wato.manage_hosts'}
Declared: AllPerm([{wato.manage_hosts}, {wato.all_folders}?)
</pre>
This werk fixes this problem.
Werk 15713 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
NagVis 1.9.38 fixes a XSS issue
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
<tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
<b>Changes</b>:
This Werk introduces escaping for the vulnerable parameter.
------------------------------------<diff>-------------------------------------------
Title: NagVis: Updated to 1.9.38
Class: security
Compatible: compat
Component: packages
Date: 1697312456
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p12
+ NagVis 1.9.38 fixes a XSS issue
+ <b>Vulnerability Management</b>:
+ We have rated the issue with a CVSS Score of 8.4 (High) with the following CVSS vector:
+ <tt>CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 8.4</tt>.
+ <b>Changes</b>:
+ This Werk introduces escaping for the vulnerable parameter.
+