Werk 16846 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# The custom instances of the MS SQL Server plugin are configured correctly
key | value
---------- | ---
date | 2024-07-19T11:09:57+00:00
version | 2.3.0p11
class | fix
edition | cee
component | checks
level | 2
compatible | yes
Previously, configuring custom instances, WATO used wrong key names:
`conn` instead of a correct `connection` and `auth` instead of
a correct `authentication`.
With this release the problem has been eliminated,
If you are using custom instances you need to bake and deploy new
agent package
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
- # WATO configures correctly custom imstances for MS SQL Server plugin
+ # The custom instances of the MS SQL Server plugin are configured correctly
key | value
---------- | ---
date | 2024-07-19T11:09:57+00:00
version | 2.3.0p11
class | fix
edition | cee
component | checks
level | 2
compatible | yes
- Previously, configuring custom instances, WATO used wrong names:
+ Previously, configuring custom instances, WATO used wrong key names:
? ++++
`conn` instead of a correct `connection` and `auth` instead of
a correct `authentication`.
With this release the problem has been eliminated,
If you are using custom instances you need to bake and deploy new
agent package
[//]: # (werk v2)
# WATO configures correctly custom imstances for MS SQL Server plugin
key | value
---------- | ---
date | 2024-07-19T11:09:57+00:00
version | 2.3.0p11
class | fix
edition | cee
component | checks
level | 2
compatible | yes
Previously, configuring custom instances, WATO used wrong names:
`conn` instead of a correct `connection` and `auth` instead of
a correct `authentication`.
With this release the problem has been eliminated,
If you are using custom instances you need to bake and deploy new
agent package
[//]: # (werk v2)
# mk_filestats: Do not compute file statistics in case of a folder
key | value
---------- | ---
date | 2024-07-16T06:28:13+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Title: ruleset ewon warning about "Invalid check parameter: Undefined key 'device'.." in UI
Class: fix
Compatible: compat
Component: checks
Date: 1721369292
Edition: cre
Level: 1
Version: 2.2.0p32
The `ewon` ruleset didn't know a `device` key, which was created during recovery, resulting in
a warning displayed with the rendered rule in UI saying
"Invalid check parameter: Undefined key 'device'..."
This change marks `device` as ignored key, satisfying the rule validity check.
Title: Livestatus injection in mknotifyd
Class: security
Compatible: compat
Component: notifications
Date: 1720439889
Edition: cee
Level: 1
Version: 2.2.0p32
Before this Werk a malicious notification sent via mknotifyd could allow an attacker to send arbitrary livestatus commands.
With this Werk livestatus escaping was added to the relevant functions.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 6.5 Medium (<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L</code>) and assigned <code>CVE-2024-6542</code>.
Title: Rename host/item match rule search parameter to clarify behavior
Class: fix
Compatible: compat
Component: wato
Date: 1720784196
Edition: cre
Level: 1
Version: 2.2.0p32
The rule search page offers two parameters "Host match list" and "Item
match list". These parameters could be used to search for rules which
have their explicit host or item condition set up in such a way that it
matches the given host or service (either by being unset or set).
However, these parameters do not check other conditions and might return
rules which for other reasons (such as a second host tag condition for
example) still might not match the specified host or service.
This werk renames these fields to "Explicit host matching" and "Explicit
item matching" and expands on their inline help to clarify this
behavior.
To see which rules are effective on a given host, please refer to the
"effective parameters" item under the burger menu in a host monitoring
view.
Title: Check for predefined connections when deploying xinetd config
Class: security
Compatible: incomp
Component: checks
Date: 1719818629
Edition: cce
Level: 1
Version: 2.2.0p32
When an agent rule <em>Agent controller auto-registration (Managed Services Edition, Cloud Edition)</em> was configured for an agent package one might assume that when installing this package the agent encrypts its traffic.
But when installing such a package on a system without systemd but with xinetd installed or a very old systemd versions, the agent was deployed without registration and encryption.
With this Werk the deployment script for systemd/xinetd checks for predefined/preconfigured connections and if it finds any it refuses to configure the legacy mode.
The agent is still installed though but will not be accessible via the network, so access with SSH will still be possible.
Therefore you can no longer use baked packages with auto registration for systems without systemd or very old systemd versions where the legacy mode is desired.
These systems need to be excluded from the <em>Agent controller auto-registration (Managed Services Edition, Cloud Edition)</em> rule.
<em>Vulnerability Management</em>:
We do not rate this as a exploitable vulnerability but a safe guard for unintended configurations, therefore no CVE was assigned.
To aid automated scanning we assign a CVSS score of 0.0 None (<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N</code>).
Title: check_disk_smb: fix TCP Port
Class: fix
Compatible: compat
Component: checks
Date: 1717653341
Edition: cre
Level: 1
Version: 2.2.0p32
The "TCP Port" option was using an incorrect commandline argument.
This is now fixed.
[//]: # (werk v2)
# KUBE: Addition of support for Kubernetes v1.29
key | value
---------- | ---
date | 2024-07-18T06:09:19+00:00
version | 2.3.0p11
class | feature
edition | cre
component | checks
level | 1
compatible | yes
With this release of Checkmk, we introduce support for version 1.29 of Kubernetes.
The supported versions are listed below:
Checkmk 2.2: 1.22, 1.23, 1.24, 1.25, 1.26, 1.27
Checkmk 2.3: 1.24, 1.25, 1.26, 1.27, 1.28, 1.29
The list of supported versions may not apply to future patch versions. For such cases, a
new werk will be released.