Werk 17074 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: msexch_database: Use consistent units (ms/s) in rules & graphs
Class: fix
Compatible: compat
Component: checks
Date: 1718695214
Edition: cee
Level: 1
Version: 2.2.0p28
The msexch_database reported its values in ms in the summary/ruleset but
displayed the same value as seconds in the graph. With this werk, all
units will be reported consistently.
------------------------------------<diff>-------------------------------------------
Title: msexch_database: Use consistent units (ms/s) in rules & graphs
Class: fix
Compatible: compat
Component: checks
Date: 1718695214
Edition: cee
Level: 1
- Version: 2.2.0p32
? -
+ Version: 2.2.0p28
? +
The msexch_database reported its values in ms in the summary/ruleset but
displayed the same value as seconds in the graph. With this werk, all
units will be reported consistently.
Werk 14588 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: KUBE: Add missing imported labels
Class: fix
Compatible: compat
Component: checks
Date: 1678092179
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0b1
Previously, labels of the form
C+:
cmk/kubernetes/label/{kubernetes-label}
C-:
would not be created for Deployments, DaemonSets and StatefulSets.
------------------------------------<diff>-------------------------------------------
Title: KUBE: Add missing imported labels
Class: fix
Compatible: compat
Component: checks
Date: 1678092179
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.1.0p24
? ^ ^^^
+ Version: 2.2.0b1
? ^ ^^
Previously, labels of the form
C+:
cmk/kubernetes/label/{kubernetes-label}
C-:
would not be created for Deployments, DaemonSets and StatefulSets.
Werk 15194 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix command injection via RestAPI / Password Store
Class: security
Compatible: compat
Component: core
Date: 1690985970
Edition: cre
Knowledge: doc
Level: 1
State: unknown
Version: 2.2.0p8
Prior to this Werk, users with the permissions to (a) use the RestAPI, (b) create passwords in the password store, and (c) create active checks were able to run arbitrary commands on the site.
This issue was found during internal code review.
<b>Affected Versions</b>:
LI: 2.0.0
LI: 2.1.0
LI: 2.2.0 prior to version 2.2.0p4
Note that at the point of publishing this Werk and fix, the current version 2.2.0 was already not affected by this issue anymore, as the issue was already mitigated by Werk #15889.
<b>Indicators of Compromise</b>:
Check the password store for passwords with unusual identifiers, review add-password events in the audit log.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>.
We have assigned CVE <tt>CVE-2023-31209</tt>.
<b>Changes</b>:
This Werk adds proper sanitization of the affected parameter on core commands.
------------------------------------<diff>-------------------------------------------
Title: Fix command injection via RestAPI / Password Store
Class: security
Compatible: compat
Component: core
Date: 1690985970
Edition: cre
Knowledge: doc
Level: 1
State: unknown
- Version: 2.2.0p4
? ^
+ Version: 2.2.0p8
? ^
Prior to this Werk, users with the permissions to (a) use the RestAPI, (b) create passwords in the password store, and (c) create active checks were able to run arbitrary commands on the site.
This issue was found during internal code review.
<b>Affected Versions</b>:
LI: 2.0.0
LI: 2.1.0
LI: 2.2.0 prior to version 2.2.0p4
Note that at the point of publishing this Werk and fix, the current version 2.2.0 was already not affected by this issue anymore, as the issue was already mitigated by Werk #15889.
<b>Indicators of Compromise</b>:
Check the password store for passwords with unusual identifiers, review add-password events in the audit log.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>.
We have assigned CVE <tt>CVE-2023-31209</tt>.
<b>Changes</b>:
This Werk adds proper sanitization of the affected parameter on core commands.
-
Werk 15714 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Add support for Checkmk Appliance 1.7+
Class: feature
Compatible: compat
Component: distros
Date: 1701285077
Edition: cre
Level: 2
Version: 2.2.0p16
------------------------------------<diff>-------------------------------------------
Title: Add support for Checkmk Appliance 1.7+
Class: feature
Compatible: compat
Component: distros
Date: 1701285077
Edition: cre
Level: 2
- Version: 2.2.0p17
? ^
+ Version: 2.2.0p16
? ^
-
Werk 15711 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix execution of local gadgets
Class: fix
Compatible: compat
Component: nagvis
Date: 1696234096
Edition: cre
Knowledge: doc
Level: 1
Version: 2.2.0p11
Gadgets located in the local hierarchy of the site (at local/share/nagvis/htdocs/userfiles/gadgets)
could not be used and resulted in "Forbidden" errors when trying to open them.
------------------------------------<diff>-------------------------------------------
Title: Fix execution of local gadgets
Class: fix
Compatible: compat
Component: nagvis
Date: 1696234096
Edition: cre
Knowledge: doc
Level: 1
- Version: 2.1.0p34
? ^ ^^
+ Version: 2.2.0p11
? ^ ^^
Gadgets located in the local hierarchy of the site (at local/share/nagvis/htdocs/userfiles/gadgets)
could not be used and resulted in "Forbidden" errors when trying to open them.
Werk 14875 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: shadow hosts custom attributes doesn't disappear anymore
Class: fix
Compatible: compat
Component: config
Date: 1666099210
Edition: cee
Knowledge: doc
Level: 2
Version: 2.2.0b1
Previously, shadow hosts custom attributes were ignored during
config generation.
With this release the problem has been eliminated.
------------------------------------<diff>-------------------------------------------
Title: shadow hosts custom attributes doesn't disappear anymore
Class: fix
Compatible: compat
Component: config
Date: 1666099210
Edition: cee
Knowledge: doc
Level: 2
- Version: 2.1.0p15
? ^ ^ -
+ Version: 2.2.0b1
? ^ ^
- Previously, shadow hosts custom attributes were ignored during
? -
+ Previously, shadow hosts custom attributes were ignored during
config generation.
With this release the problem has been eliminated.
-
Title: mssql_availability_groups: Parsing of section failed
Class: fix
Compatible: compat
Component: checks
Date: 1722418114
Edition: cre
Level: 1
Version: 2.2.0p32
Provided with invalid lines `parse_mssql_availability_groups()` would crash with an exception
```
IndexError: list index out of range
```
Resulting in `Parsing of section mssql_availability_groups` error message in UI.
This change makes `parse_mssql_availability_groups()` resilient to those lines by just
ignoring them.
Title: mssql_availability_groups: Parsing of section failed
Class: fix
Compatible: compat
Component: checks
Date: 1722418114
Edition: cre
Level: 1
Version: 2.2.0p32
Provided with invalid lines `parse_mssql_availability_groups()` would crash with an exception
```
IndexError: list index out of range
```
Resulting in `Parsing of section mssql_availability_groups` error message in UI.
This change makes `parse_mssql_availability_groups()` resilient to those lines by just
ignoring them.
Title: Re-introduce missing requirement documentation for interface check
Class: fix
Compatible: compat
Component: checks
Date: 1722352726
Edition: cre
Level: 1
Version: 2.1.0p47
During consolidation of various interface checks, necessary
prerequisites for the Solaris and HP-UX were omitted from the
documentation.
In this werk, https://checkmk.com/integrations/interfaces is updated
include the necessary prerequisites to monitor network interfaces on all
operating systems again.
Title: users: allow user edit saving when 'authorized_sites' attribute is locked
Class: fix
Compatible: compat
Component: wato
Date: 1722254929
Edition: cre
Level: 1
Version: 2.2.0p32
Prior to this werk, an error occurred when attempting to save the user edit
page if the 'authorized_sites' attribute was locked. This werk resolves the issue.