ID: 14685
Title: Fixed real-time checks with encryption
Component: cmc
Level: 2
Class: Bug fix
Version: 2.2.0i1
Real-time check data which contains a 0-byte was not processed correctly, so
this mainly affected encrypted RTC data. This has been fixed.
Note that even normal check results were affected, but these are normally
text-only without any 0-bytes, so they worked basically all the time.
ID: 14891
Title: Fix context filter of linked view dashlets
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If you added a dashlet, via "Link to existing view" to a dashboard (e.g. the
"events" view) and configured a "Log Entry" filter, the shown dashlet always
used the defined filter of the source view, ignoring the configured options of
the dashlet.
Other views/filters used as linked view dashlet may also be affected because of
the former order of context processing.
ID: 14888
Title: Fix wrong color for down hosts
Component: Reporting & Availability
Level: 1
Class: Bug fix
Version: 2.2.0i1
Down hosts were colored yellow in reports.
ID: 14956
Title: mk_logwatch: Make regular expression for logfiles configurable in agent bakery
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
When configuring the mk_logwatch agent plugin, it's possible to specify the file
matching patterns more precisely by defining a regular expression pattern within
the applying options.
You can choose among the keywords <tt>regex</tt> or <tt>iregex</tt> for a case
sensitive or insensitive matching, respectively.
While this option already exists for a long time, it can now be specified via
agent bakery by configuring the "Text logfiles" agent rulespec.
ID: 14651
Title: Fix "KeyError('use_regular')"
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
If users configured a rule <i>"Encryption (Linux, Windows)"</i> without actually setting values in it and used the unencryted mode of the agent controller, the Checkmk service would go {CRIT}.
ID: 14918
Title: Change base image of docker container
Component: Linux Distributions
Level: 1
Class: Security fix
Version: 2.2.0i1
With this Werk we change the base image of the Checkmk docker container from Debian buster to Ubuntu jammy.
Ubuntu jammy has more up to date packages.
This should reduce the amount of "vulnerabilities" found in the docker container by ~90%.
Please note that these vulnerabilities are either fixed by a backport of the fix or the configuration did not allow a exploitation.
The packages in the container were updated whenever a new container was build.
Unfortunately not all vulnerability-scanners were able to recognise this.
To our knowledge none of the vulnerabilities were exploitable.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
ID: 14170
Title: Fixed hanging activate changes on unfortunate error reporting
Component: Core & setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
The config generation process could hang forever when an error was reported at the wrong time.
This problem could only be solved by identifying and terminating the processes that were locking the file <tt>~/etc/check_mk/main.mk</tt>.
ID: 14838
Title: REST API: New endpoint for downloading the license usage report
Component: REST API
Level: 1
Class: New feature
Version: 2.2.0i1
With the endpoint {{domain-types/license_usage/actions/download/invoke}} the
license usage report can be downloaded.
ID: 14631
Title: drbd: If the resource role was Unknown and disk state was DUnknown check result is now CRIT
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
If the resource role was 'Unknown' and the disk state was 'DUnknown' the check result used to be UNKNOWN.
Now the check result will be CRIT, if not otherwise set in the appropriate ruleset.
ID: 14824
Title: Custom extensions: Potentially incompatible change in GUI code
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This werk only affects developers of custom extensions to Checkmk.
The variable <tt>cmk.gui.config.builtin_role_ids</tt>, which specifies IDs for built-in user roles,
has been split into two new variables:
LI: <tt>cmk.gui.config.default_authorized_builtin_role_ids</tt>: IDs of built-in user roles which
are by default authorized to use dashlets, sidebar snapins etc., unless explicitly specified
differently (at the moment admin, user, guest).
LI: <tt>cmk.gui.config.default_unauthorized_builtin_role_ids</tt>: IDs of built-in user roles which
are by default <i>not</i> authorized to use dashlets, sidebar snapins etc., unless explicitly
specified differently.
Note that <tt>builtin_role_ids</tt> still exists (still containing all built-in role IDs), however,
most developer will likely want to use <tt>cmk.gui.config.default_authorized_builtin_role_ids</tt>
in the future to avoid unwanted authorizations of new user roles added to
<tt>default_unauthorized_builtin_role_ids</tt>.
Alternatively, you may explicitly declare the roles you want to permit by default using
<tt>["admin", "user", "guest"]</tt>.