[//]: # (werk v2)
# Synthetic Monitoring: Let test services go stale if no merged XML data is available
key | value
---------- | ---
date | 2024-06-17T09:57:45+00:00
version | 2.3.0p7
class | fix
edition | cee
component | checks
level | 1
compatible | yes
If the rebot command fails on a test node or if all attempts time out, no merged XML data is
available on the Checkmk server. In this case, the corresponding plan service will report the
standard message "Item not found in monitoring data" and go UNKNOWN. Before this werk, the test
services behaved in the same way. As of this werk, they instead go stale, which is the intended
behavior.
[//]: # (werk v2)
# Nutanix agent: improve error handling during fetch
key | value
---------- | ---
date | 2024-06-18T10:47:59+00:00
version | 2.3.0p7
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This werk improves the error handling when the agent is executed.
Prior to this change, the Check_MK service displayed that a Crash
Report should be submitted whenever the agent failed to retrieve
the data. This has been changed with this werk.
[//]: # (werk v2)
# Fix XSS in confirmation pop-up
key | value
---------- | ---
date | 2024-06-10T10:40:28+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk, there was a potential for HTML elements from user inputs to be rendered in certain confirmation pop-ups, leading to an XSS vulnerability.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Indicators of Compromise*:
Injected HTML elements in some specific user input fields with no proper escaping that are displayed in the confirmation pop-up.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, and assigned `CVE-2024-28831`.
[//]: # (werk v2)
# huawei_osn_laser: Fix parsing issue
key | value
---------- | ---
date | 2024-06-17T15:20:33+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Fixed a parsing issue in the huawei_osn_laser check plugin.
The problem appeared every time a service was supposed to have an OK state. It caused the check plugin to crash and thus not deliver any result.
The crash report ended with this line:
```
if "\n" in subresult[1]:
```
This has now been fixed.
[//]: # (werk v2)
# Fix XSS in Crash Report Page
key | value
---------- | ---
date | 2024-06-06T13:17:36+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk, it was possible to inject HTML elements into the Crash report
URL in the Global settings, leading to an `XSS` vulnerability on the Crash reports page.
This vulnerability was identified during a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Indicators of Compromise*:
Check the crash report HTTP URL in the Global settings for suspicious HTML elements.
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 4.8 (Medium) with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N`, and assigned `CVE-2024-28832`.
[//]: # (werk v2)
# Synthetic Monitoring: Let test services go stale if no merged XML data is available
key | value
---------- | ---
date | 2024-06-17T09:57:45+00:00
version | 2.4.0b1
class | fix
edition | cee
component | checks
level | 1
compatible | yes
If the rebot command fails on a test node or if all attempts time out, no merged XML data is
available on the Checkmk server. In this case, the corresponding plan service will report the
standard message "Item not found in monitoring data" and go UNKNOWN. Before this werk, the test
services behaved in the same way. As of this werk, they instead go stale, which is the intended
behavior.
[//]: # (werk v2)
# Nutanix agent: improve error handling during fetch
key | value
---------- | ---
date | 2024-06-18T10:47:59+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This werk improves the error handling when the agent is executed.
Prior to this change, the Check_MK service displayed that a Crash
Report should be submitted whenever the agent failed to retrieve
the data. This has been changed with this werk.
[//]: # (werk v2)
# MS Exchange: Use consistent units (ms/s) in rules & graphs
key | value
---------- | ---
date | 2024-06-18T07:20:14+00:00
version | 2.4.0b1
class | fix
edition | cee
component | checks
level | 1
compatible | yes
Various msexch_* checks reported their values in ms in the summary/ruleset
but displayed the same value as seconds in the graph. With this werk,
all units will be reported consistently.
Title: Show traceback if a crash occurs during special agents execution
Class: fix
Compatible: compat
Component: checks
Date: 1718634477
Edition: cre
Level: 1
Version: 2.2.0p28
Currently, in the event of a crash during the execution of a special agent,
the traceback is not displayed in the user interface
but is only saved in the crash report on disk.
With this werk, the traceback will also be shown in the user interface.
Title: mknotifyd: use site names in service description
Class: fix
Compatible: incomp
Component: checks
Date: 1716821823
Edition: cre
Level: 2
Version: 2.2.0p28
This update affects users monitoring the <em>OMD Notify Connection</em> services, regardless of whether the connection is encrypted.
Previously, it was not possible to correctly monitor the Notification Spooler connection with TLS. For encrypted incoming connections, the IP address and port were unavailable because they were managed by stunnel using Unix sockets. Consequently, services for encrypted connections were named incorrectly and always displayed the IP address as 127.0.0.1.
To resolve this issue, we have updated the service naming.
Now, the names of the involved sites will be shown in the format: <em>OMD MySite Notification Spooler connection to MyRemoteSite</em>.
Impact:
LI: Currently monitored services (e.g., those configured with unencrypted connections) will continue to work as usual.
LI: Upon rediscovery, new services will be discovered and will adopt the new naming convention. For this reason, this werk is flagged as incompatible.
LI: To maintain service history, users can create a service description translation rule. This can be done in the configuration at: <em>Setup</em> > <em>Agents</em> > <em>Access to agents</em> > <em>Translation of service descriptions</em>. Use a regex or static string to map the old service names to the new ones.