ID: 15584
Title: mk_docker: Added podman support
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.3.0b1
Added podman support in mk_docker.py.
This way the plugin ends in case it is being executed on a non docker or podman host.
ID: 13982
Title: Reading host_config's will now honour contact groups
Component: REST API
Level: 1
Class: Security fix
Version: 2.3.0b1
Prior to this Werk it was possible for a user to read a hosts configuration
(using GET on '/objects/host_config/<host_name>') even if that user was not
in the contact group of that host.
The REST-API will correctly check a users permissions before serving a response
in that case and report a 403 error if the user cannot access the host's config.
<b>Affected Versions</b>:
LI: 2.2.0 (beta)
LI: 2.1.0
<b>Vulnerability Management</b>:
We calculated a CVSS 3.1 score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
We assigned CVE-2023-22348 to this vulnerability.
We found this vulnerability internally and have no indication of any exploitation.
ID: 15699
Title: Deprecate Agent Updater v1.6.0
Component: agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
Starting with Checkmk 2.3.0, the Checkmk server won't be able to communicate with an Agent Updater of version 1.6.0 or lower.
The reason for this is that starting with Checkmk 2.0.0, the internal protocol for updating agents has changed.<br>
While we have maintained the old protocol up to and including Checkmk 2.2.0, we are now finally deprecating it as of Checkmk 2.3.0.
As a consequence, an Agent Updater v1.6.0 or lower won't be able to either register or update agents anymore, neither automatically, nor manually.<br>
Please make sure to update all installed agent packages on all hosts to at least v2.0.0 before upgrading the Checkmk server to Checkmk 2.3.0.
Note: The Checkmk agent package, including the agent updater if it is configured, will be given the same version as the Checkmk site on which it was baked.<br>
It is therefore sufficient to update agents (automatically or manually) with an active Checkmk 2.0.0, 2.1.0 or 2.2.0 server installed.
ID: 13269
Title: check_mail_loop: AssertionError when using PasswordStore
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p28
A leftover Python `assert` statement dealing with plaintext passwords only led to fatal AssertionError
when using PasswordStore instead of plaintext passwords.
This change simply removes those statements as already done on newer branches.
ID: 15734
Title: Unix agents: Fix asynchronous plugin execution via xinetd and ssh
Component: agents
Level: 1
Class: Bug fix
Version: 2.1.0p28
When triggered via xinetd or ssh, the agents for AIX, FreeBSD, Linux, OpenWRT and Solaris were not
able to execute asynchronous plugins and local checks in the background. Instead, the agents kept on
running until the supposedly asynchronous tasks were completed or a timeout or occured. In the
latter case, the following error message was displayed by the <i>Check_MK</i> services of affected
hosts:
C+:
MKTimeout('Fetcher for host ... timed out after 60 seconds')
C-:
ID: 15474
Title: rds_licenses: Windows Server 2022 enabled in RDS Licenses check
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.3.0b1
RDS Licenses now additionally checks Windows Server 2022 licenses.
ID: 15394
Title: cisco_meraki_org_licenses_overview: Fix discovery
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
The services {{Cisco Meraki Licenses}} were not discovered due to missing
information about the related organisation.