ID: 2612
Title: Fixed possible XSS on service detail page using the long service output
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.7i3
Normally all check results displayed in the GUI are HTML escaped by default.
The escaping was missing for the long service output on the service detail
page. So one could create multi-line check results containing HTML/JavaScript
code which would be executed when a user opens the service detail page of
the service with the check result containing the injected code.
The issue has been fixed by escaping the long output exactly like the normal
plugin output. One difference is left: newline characters are replaced by
HTML newlines to make displaying of multiple lines still possible.
If you want the old behaviour back, you can disable the plugin output escaping
using the global settings. But please note that an attacker might be able to
inject JavaScript code.
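The escape-then-convert order described above, as an added example (not Check_MK's own code). It uses Python's standard `html.escape` in place of the GUI's escaping routine; the function names and the sample check result are constructed for illustration.

```python
import html

# Constructed multi-line check result: the first line is the normal plugin
# output, the remaining lines are the long output.
SAMPLE_RESULT = (
    "OK - 3 filesystems checked\n"
    "/var: 41% used\n"
    "<script>alert(document.domain)</script>\n"
    "/home: 12% used & growing"
)


def split_check_result(result):
    """Split a raw check result into (plugin_output, long_output)."""
    first, _, rest = result.partition("\n")
    return first, rest


def render_long_output(long_output, escape=True):
    """Return the HTML fragment for the long output.

    escape=True  -> behaviour described by the fix: escape first, then
                    turn newlines into <br> so multi-line output survives.
    escape=False -> the pre-fix behaviour (or escaping disabled in the
                    global settings): markup reaches the browser as-is.
    """
    text = html.escape(long_output, quote=True) if escape else long_output
    # Order matters: the <br> tags are added after escaping, so they are
    # the only markup left in the fragment.
    return text.replace("\r\n", "\n").replace("\n", "<br>")


def contains_markup(fragment):
    """True if the fragment holds any tag other than the <br> we inserted."""
    return "<" in fragment.replace("<br>", "")


if __name__ == "__main__":
    _, long_output = split_check_result(SAMPLE_RESULT)
    print("escaped  :", render_long_output(long_output))
    print("unescaped:", render_long_output(long_output, escape=False))
```

Converting newlines before escaping would turn the inserted `<br>` tags into visible `&lt;br&gt;` text, which is why the conversion has to come last.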
ID: 2597
Title: Fix setting downtimes on BI aggregates in distributed environment
Component: Multisite
Level: 2
Class: Bug Fix
Version: 1.2.7i3
This fixes the exception about a missing key <tt>site</tt>.
ID: 2596
Title: Fix exception in availability table if average number of events and summary are both being displayed
Component: Reporting & Availability
Level: 2
Class: Bug Fix
Version: 1.2.7i3
The exception was about <tt>group_availability</tt> not being defined. This has been fixed.
ID: 2595
Title: Discovery check can now automatically add missing services and also activate changes
Component: Core & Setup
Level: 2
Class: New Feature
Version: 1.2.7i3
You can now have the <i>Check_MK Discovery</i> check automatically repair
things by adding missing services or even removing vanished services. This is
activated by using the new rule set <i>Periodic Discovery Check</i> instead
of the previous (now deprecated) global option <i>Enable regular service
discovery checks</i>. In the new rule set you can activate and configure
this feature on a per-host basis.
The discovery check can now also warn about vanished services. By default,
however, vanished services are only displayed and do not set the state to
WARN. So unless you change the configuration, the behaviour of the
discovery check has not changed.
<b>Note</b>: Automatically removing vanished services can be dangerous as
broken things like missing file systems or even switch ports that went down
will be removed from the monitoring! Only use in special situations where
this is no problem.
ID: 2581
Title: Fix crashing Nagios core in rare cases when excessive commands are being executed
Component: Livestatus
Level: 2
Class: Bug Fix
Version: 1.2.7i3
The crash was due to the fact that the internal Nagios API for executing commands
is not thread safe. The CMC was not affected. This fixes the problems:
http://tracker.nagios.org/view.php?id=656
http://lists.mathias-kettner.de/pipermail/checkmk-en/2015-February/014497.h…
Thanks to Ryan C. Underwood for the patch!
ID: 2578
Title: Fix exception in case a user has a non-existent role
Component: Multisite
Level: 2
Class: Bug Fix
Version: 1.2.7i3
Such a situation might be caused by manual configurations or other non-standard
operation.
ID: 2573
Title: Fix influence of service period on the availability of BI aggregates
Component: BI
Level: 2
Class: Bug Fix
Version: 1.2.7i3
When computing the availability the influence of the service period of BI
aggregates was simply ignored. This has been fixed.
ID: 2542
Title: Fix segmentation fault when filtering for service columns in log table
Component: Livestatus
Level: 2
Class: Bug Fix
Version: 1.2.7i3
The crash occurred when you filtered for a text type service column in the
log table while entries did not have service information (host alerts).
ID: 2425
Title: agent_hp_msa: New special agent to monitor "HP MSA Storage" devices
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.7i3
This new special agent can be configured, just like the other special agents,
via the <i>Datasource Programs</i> in WATO.
It queries the Web-API for the data collection.
The following new checks are available with this agent:
<table>
<tr><th>Check</th><th>Description</th></tr>
<tr><td>hp_msa_controller</td> <td>CPU utilization for each controller</td></tr>
<tr><td>hp_msa_controller.io</td> <td>IO throughput for each controller</td></tr>
<tr><td>hp_msa_disk</td> <td>Disk summary check which shows the disks health</td></tr>
<tr><td>hp_msa_disk.io</td> <td>Disk IO throughput</td></tr>
<tr><td>hp_msa_disk.temp</td> <td>Summary check over all temperature sensors</td></tr>
<tr><td>hp_msa_fan</td> <td>Fan health status and rpm information</td></tr>
<tr><td>hp_msa_if</td> <td>Fibrechannel interfaces traffic and status</td></tr>
<tr><td>hp_msa_psu</td> <td>Power supply health</td></tr>
<tr><td>hp_msa_psu.sensor</td> <td>Power supply voltage</td></tr>
<tr><td>hp_msa_psu.temp</td> <td>Power supply temperature sensor</td></tr>
<tr><td>hp_msa_system</td> <td>Overall system health</td></tr>
<tr><td>hp_msa_volume</td> <td>Summary check of health state over all volumes.</td></tr>
<tr><td>hp_msa_volume.df</td> <td>Filesystem usage for each volume</td></tr>
<tr><td>hp_msa_volume.io</td> <td>Data IO for each volume</td></tr>
</table>
For further details regarding these checks please have a look at the manpages.
ID: 2541
Title: Round last state change of network interfaces to one day, avoid history spam
Component: HW/SW-Inventory
Level: 2
Class: Bug Fix
Version: 1.2.7i3
This avoids massive changes in the inventory every time the inventory is run, and thus
avoids spamming the inventory history.