Werk 15714 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Add support for Checkmk Appliance 1.7+
Class: feature
Compatible: compat
Component: distros
Date: 1701285077
Edition: cre
Level: 2
Version: 2.1.0p37
------------------------------------<diff>-------------------------------------------
Title: Add support for Checkmk Appliance 1.7+
Class: feature
Compatible: compat
Component: distros
Date: 1701285077
Edition: cre
Level: 2
- Version: 2.2.0p17
? ^ ^
+ Version: 2.1.0p37
? ^ ^
Werk 978 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix security issue with mk-job on Linux
Level: 2
Component: checks
Version: 1.2.5i3
Date: 1401093260
Class: security
Compatible: incomp
By use of symlinks or hardlinks normal users could inject files to be read
with root permissions. This was due to the fact that <tt>/var/lib/check_mk_agent/job</tt>
was installed with the permissions <tt>1777</tt>, just as <tt>/tmp</tt>. That way
a normal user could have placed a symlink to a file there that is only readable
by <tt>root</tt>. The content of that file would then appear in the agent output.
This has been fixed by not longer using <tt>/var/lib/check_mk_agent/job</tt> directly,
but by creating a separate subdirectory below that for each user. This is done by
a new version of <tt>/usr/bin/mk-job</tt>, so please make sure that if you update
the agent that you also update <tt>mk-job</tt>.
Also you now have to create job subdirectories for non-<tt>root</tt> jobs manually.
If you have a job running as user <tt>foo</tt>, then do:
C+:
RP:mkdir -p /var/lib/check_mk_agent/job
RP:chown foo:foo /var/lib/check_mk_agent/job
C-:
If you update the Check_MK Agent with RPMs/DEB from the new agent bakery or by
an RPM/DEB created from the source code with <tt>make rpm</tt> or <tt>make deb</tt>
then the permissions of <tt>/var/lib/check_mk_agent/job</tt> are automatically
fixed.
If you have installed the agent manually then please make sure that the permissions
of the job directory are set properly:
C+:
RP:chmod 755 /var/lib/check_mk_agent/job
C-:
------------------------------------<diff>-------------------------------------------
Title: Fix security issue with mk-job on Linux
Level: 2
Component: checks
Version: 1.2.5i3
Date: 1401093260
Class: security
Compatible: incomp
By use of symlinks or hardlinks normal users could inject files to be read
with root permissions. This was due to the fact that <tt>/var/lib/check_mk_agent/job</tt>
was installed with the permissions <tt>1777</tt>, just as <tt>/tmp</tt>. That way
a normal user could have placed a symlink to a file there that is only readable
by <tt>root</tt>. The content of that file would then appear in the agent output.
This has been fixed by not longer using <tt>/var/lib/check_mk_agent/job</tt> directly,
but by creating a separate subdirectory below that for each user. This is done by
a new version of <tt>/usr/bin/mk-job</tt>, so please make sure that if you update
the agent that you also update <tt>mk-job</tt>.
Also you now have to create job subdirectories for non-<tt>root</tt> jobs manually.
If you have a job running as user <tt>foo</tt>, then do:
C+:
RP:mkdir -p /var/lib/check_mk_agent/job
- RP:chown foo.foo /var/lib/check_mk_agent/job
? ^
+ RP:chown foo:foo /var/lib/check_mk_agent/job
? ^
C-:
If you update the Check_MK Agent with RPMs/DEB from the new agent bakery or by
an RPM/DEB created from the source code with <tt>make rpm</tt> or <tt>make deb</tt>
then the permissions of <tt>/var/lib/check_mk_agent/job</tt> are automatically
fixed.
If you have installed the agent manually then please make sure that the permissions
of the job directory are set properly:
C+:
RP:chmod 755 /var/lib/check_mk_agent/job
C-:
Title: Add cloud edition features to Managed Services Edition
Class: feature
Compatible: compat
Component: omd
Date: 1700123142
Edition: cme
Level: 3
Version: 2.3.0b1
With this werk, the Checkmk Managed Services Edition is now based on the Checkmk Cloud Edition and includes thus all features of the Checkmk Cloud Edition.
A technical overview of the new features can be found in the user manual: https://docs.checkmk.com/latest/en/cce.html
Title: broken autocomplete select fields
Class: fix
Compatible: compat
Component: wato
Date: 1700476403
Edition: cre
Level: 2
Version: 2.1.0p37
When a configuration form page is loaded with lots of selects, it could take
a very long time for the page to load. To gain more performance, the conversion
of select-fields to more user-friendly ones would be skipped whenever the
conversion would have taken longer than 3 seconds.
This lead to the bug that in this situation, autocomplete fields would stop
working completely.
This is fixed with this werk. While regular select fields can still be skipped
to gain page-load performance, autocomplete will never be skipped now.
There are no manual changes necessary by the user for this to take effect.
Title: broken autocomplete select fields
Class: fix
Compatible: compat
Component: wato
Date: 1700476403
Edition: cre
Level: 2
Version: 2.2.0p15
When a configuration form page is loaded with lots of selects, it could take
a very long time for the page to load. To gain more performance, the conversion
of select-fields to more user-friendly ones would be skipped whenever the
conversion would have taken longer than 3 seconds.
This lead to the bug that in this situation, autocomplete fields would stop
working completely.
This is fixed with this werk. While regular select fields can still be skipped
to gain page-load performance, autocomplete will never be skipped now.
There are no manual changes necessary by the user for this to take effect.
Werk 15610 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix <tt>Error in LIVESTATUS_TCP_ONLY_FROM</tt> during <tt>omd config</tt>
Class: fix
Compatible: compat
Component: omd
Date: 1683186871
Edition: cre
Knowledge: doc
Level: 2
Version: 2.3.0b1
If a user ran the command <tt>omd config</tt> and selected <tt>Distributed Monitoring >
LIVESTATUS_TCP_ONLY_FROM</tt>, then the following error was shown
C+:
Error in LIVESTATUS_TCP_ONLY_FROM
C-:
With this Werk, the error no longer occurs.
------------------------------------<diff>-------------------------------------------
Title: Fix <tt>Error in LIVESTATUS_TCP_ONLY_FROM</tt> during <tt>omd config</tt>
Class: fix
Compatible: compat
Component: omd
Date: 1683186871
Edition: cre
Knowledge: doc
Level: 2
- Version: 2.2.0b7
? ^ ^
+ Version: 2.3.0b1
? ^ ^
If a user ran the command <tt>omd config</tt> and selected <tt>Distributed Monitoring >
LIVESTATUS_TCP_ONLY_FROM</tt>, then the following error was shown
C+:
Error in LIVESTATUS_TCP_ONLY_FROM
C-:
With this Werk, the error no longer occurs.
Werk 16230 was deleted. The following Werk is no longer relevant.
Title: Add cloud edition features to Managed Services Edition
Class: feature
Compatible: compat
Component: omd
Date: 1700123142
Edition: cme
Level: 3
Version: 2.3.0b1
With this werk, the Checkmk Managed Services Edition is now based on the Checkmk Cloud Edition and includes thus all features of the Checkmk Cloud Edition.
A technical overview of the new features can be found in the user manual: https://docs.checkmk.com/latest/en/cce.html