ID: 14806
Title: Users created with the REST API can be edited
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously if a user was created via the REST-API it could not be edited in the GUI. This has been fixed now.
ID: 14494
Title: Dashboard element "Service statistics": Fix "Service" filters
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
For the dashboard element "Service statistics", "Service" context filters could not be applied from version 2.1.0 on.
This is fixed: When editing the dashboard element "Service statistics", under "Context / Search Filters" both "Host" and "Service" filters can be chosen again.
ID: 14881
Title: Add missing service state conditions for alert handler
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
It's now possible to use "WARN" - "WARN", "CRIT" - "CRIT" and "UNKNOWN" -
"UNKNOWN" in the alert handler rule option "Match service event type".
Alert handler rely on the last soft state, so this states are needed, e.g. if
you would like to create a rule that should match a WARN state on the second
check attempt.
ID: 14509
Title: add authentication to REST API documentation
Component: REST API
Level: 1
Class: Security fix
Version: 2.2.0i1
It was previously not required to be authenticated to access the site's REST API documentation.
Because custom user tags and comments may appear in the automatically generated documentation,
this would represent an "information leak". Therefore, from this Werk onwards, the site's
REST API documentation is only allowed to be accessed by logged in users.
Vulnerability Management: We have rated the issue with a CVSS Score of 5.3 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. A CVE has been requested
ID: 14869
Title: Fix regression in mk_logwatch plugin in Windows
Component: Checks & agents
Level: 2
Class: Bug fix
Version: 2.2.0i1
Until now mk_logwatch plugin could not create a directory for batch
files because the directory name as a rule contained a colon and the
colon is a forbidden symbol in NTFS. Due to this bug the logwatch
monitoring was impossible.
With this version mk_logwatch plugin replaces the colon in directory
name with an underscore thus fixing the regression.
SUP-11644
ID: 14387
Title: Render all Custom URL Dashlets in iframes
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
This werk removes the option to configure Custom URL Dashlets that are not rendered within an iframe.
Such non-iframe dashlets could not be rendered successfully due to broken update logic.
All Custom URL Dashlets are now rendered in iframes, as was the default behavior previously.
ID: 14756
Title: Fix validation of contact groups on deletion
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
The validation for used contact groups in event console rules was missing on
contact group deletion.
You will now be warned if a contact group is used in such a rule.