ID: 14091
Title: Do not contact site during monitoring of the agent controller
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Contacting the site may fail and increase the execution time by the TCP timeout.
We don't need the information anyway, so don't query it.
ID: 13830
Title: Windows plugins agent: handle python plugins and local checks
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The Windows <i>Check_MK Agent</i> was not counting python plugins and
local checks.
Now they are correctly counted.
ID: 13829
Title: Fix wrong plugin and local check count
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The <i>Check_MK Agent</i> was not counting plugins and local checks that
didn't specify a version.
Now they are properly handled as unversioned.
ID: 14155
Title: Sorter: Improved performance
Component: Multisite
Level: 1
Class: New feature
Version: 2.2.0i1
By using temporary caches, the sorters are now twice as fast.
This could improve performance for larger views by 1-2 seconds
ID: 14074
Title: Agent controller: Try to query port both via <tt>http</tt> and <tt>https</tt>
Component: agents
Level: 1
Class: New feature
Version: 2.2.0i1
When registering at a site, the agent controller (<tt>cmk-agent-ctl</tt>) needs to
know the port at which the site is reachable. If not explicitly passed via the
command line, the controller tries to query this port from the REST API of the site.
Up to now, the controller only attempted to contact the REST API via <tt>http</tt>.
Now, the controller tries both <tt>http</tt> and <tt>https</tt> and only fails if
neither of the two suceeded.
ID: 13858
Title: Fix crash of windows updates check
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
Previously, the Windows updates check crashed if, for
some reason, windows updates service had been disabled.
In this special case the windows_updates.vbs plugin
sent specially formatted output which the check could
not correctly process.
Since this release, windows updates correctly process
any output from windows_updates.vbs plugin and reports
the error if it was presented thus eliminating the
problem.
CMK-10402
ID: 14073
Title: Agent controller: Also listen for IPv6 pull connections
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The agent controller (<tt>cmk-agent-ctl</tt>) now also listens for incoming
IPv6 pull connections. Previously, only IPv4 connections were handled.
ID: 13930
Title: adjust Rule response format in REST API
Component: Core & setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
The response of the Rule object has been changed from singular to plural in some cases.
Concretely, the following fields have been changed:
* host_tag -> host_tags
* host_label -> host_labels
* service_label -> service_labels
If you use statically typed language, you may have to recompile your auto generated API client.
ID: 14087
Title: Fix privilege escalation vulnerability
Component: Checks & agents
Level: 2
Class: Security fix
Version: 2.2.0i1
Previously to this Werk an attacker who could become a site user could replace the sites <tt>bin/unixcat</tt> by a custom executable.
The Checkmk agent would then run it as root.
With this Werk the agent now always calls one of the shipped <tt>unixcat</tt>s below <tt>/omd/versions/</tt>.
All maintained versions (>=1.6) are subject to this vulnerability. It is likely that also previous versions were vulnerable.
To check against possible exploitation make sure that the sites directory <tt>~MySite/bin</tt> points to <tt>/omd/versions/MySitesVersion/bin<tt>.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 8.2
CVE will be added here later
ID: 14156
Title: Fixed bug where bi aggregations were occasionally incomplete/missing
Component: BI
Level: 1
Class: Bug fix
Version: 2.2.0i1
The compiled aggregation trees were incomplete when a user with a restricted host/service view triggered the bi-compilation.