ID: 14349
Title: performance bug when using a cluster
Component: Core & setup
Level: 2
Class: Bug fix
Version: 2.2.0i1
Running all checks on a cluster with more than 100 services took several minutes. This has been fixed and runtime is now a few seconds.
No user interaction required.
ID: 14145
Title: Crash: Performance Graph dashlet without service context
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
When creating a performance graph dashlet without the service context you would expect
the dashlet to use the available host metrics from the Host Check Command.
Since 2.1.0i1 this was no longer possible because the dashlet crashed with the error:
<b>Exception: AttributeError ('str' object has no attribute 'values')</b>
Now the dashlet works as intended again.
ID: 13921
Title: Edit dashboard element: Keep context information filled out
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
In the form for adding/editing a dashboard element: Whenever the filled in information resulted in an error (upon submit), any newly filled in context information was lost. This is fixed and the entered context information is preserved also in case of a form error.
ID: 14143
Title: Add option to use narrow rendering for informational columns
Component: Reporting & Availability
Level: 1
Class: New feature
Version: 2.2.0i1
You can now select to use narrow rendering for columns in reports.
This enables the option to render informational columns with the same width
as columns with visualization levels.
ID: 14397
Title: Show all folders in REST API starts recursion at parent
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
When calling the endpoint `/domain-types/folder_config/collections/all` and setting recursive to true the API would return all folders, independent of the set parent.
This has been fixed now.
ID: 14365
Title: REST API user_config: Can't assign users with custom user role
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously, when attempting to assign custom user roles to a user,
the REST API would return a 400 bad request. This werk fixes this
issue by allowing custom user roles to be assigned to users.
ID: 14098
Title: Fix ownership of debian maintainer scripts for shipped agent package
Component: agents
Level: 1
Class: Security fix
Version: 2.2.0i1
This issue affects users that deployed the shipped version of the Checkmk agent Debian package.
Packages created by the agent bakery (enterprise editions only) were not affected.
Previous to this Werk a user with the UID 1001 on a monitored host could gain root privileges.
This was caused by wrong file ownership of the maintainer scripts located at <tt>/var/lib/dpkg/info</tt>: they were owned by the user and group with the ID 1001 instead of root.
If such a user exists on your system, they can change the content of these files which are later executed by root (during package installation, update or removal), leading to a local privilege escalation on the monitored host.
To see if you are affected check the ownership of the files <tt>/var/lib/dpkg/info/check-mk-agent.*</tt> -- they should be owned by root and only writable by root.
If those files are not owned by root, you should perform the following steps <b>before updating the agent</b>:
LI: Ensure they have not been tampered with.
LI: Either immediately upgrade the agent or change the ownership of the files to <tt>root.root</tt> and the permissions to <tt>755</tt>
To make sure the files have not been tampered with, you can check out the expected content in the "%pre", "%post" and "%preun" sections of <a href="https://github.com/tribe29/checkmk/blob/master/agents/check-mk-agent.spec">this file</a> (make sure to select the right Checkmk version in the dropdown choice that reads "master").
To get an idea of what the files should look like in the 2.1.0 version, you can also look at the checked in versions of the master branch <a href="https://github.com/tribe29/checkmk/tree/master/agents/debian/control">here</a>.
Note that smaller deviations are no cause for concern.
ID: 13424
Title: KUBE: dashboard: multiple sites: Node overview showing sites
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
The Nodes overview in the "Kubernetes Cluster" dashboard showed sites instead
of hosts/nodes if checkmk was configured in a distributed setup.
This is fixed with this werk: Now hosts/nodes are shown in the node overview.
ID: 14159
Title: liveproxyd: the heartbeat client now tests all open channels before disconnecting the remote site
Component: Livestatus Proxy
Level: 1
Class: Bug fix
Version: 2.2.0i1
The feature itself was already implemented, but only worked once after every liveproxyd restart.
ID: 14158
Title: liveproxyd: fixed occassional connection loss/timeouts
Component: Livestatus Proxy
Level: 1
Class: Bug fix
Version: 2.2.0i1
Sometimes the liveproxyd was unwilling to process clients with a pending request.