[Check_mk Announce] New Check_MK stable release 1.4.0p36

Dear friends of Check_MK,

the new stable release 1.4.0p36 of Check_MK is ready for download.

This maintenance release ships with 36 changes affecing all editions of Check_MK,
5 Enterprise Edition specific changes and 0 Managed Services Edition specific changes.

Changes in all Check_MK Editions:

* 6568 SEC: Fixed possible XSS on custom icon management page
* 6567 SEC: Fixed possible XSS on activate changes page
* 6609 SEC: Fixed possible XSS on SNMP MIB upload page
* 6611 SEC: Fixed multiple reflected XSS attacks using AJAX calls
* 6618 SEC: Fixed missing CSRF protection for host diagnostic AJAX calls
* 4682 SEC: Add permission “Can add or modify executables” to be able to fine tune access rights
NOTE: Please refer to the migration notes!
* 6552 FIX: Role changes now create change entries on central site
* 6551 FIX: Fixed missing permission checking during “Discard changes”

User interface:
* 6615 SEC: Fixed unauthorized access to master control actions
* 6612 SEC: Fixed possible reflected XSS using back URLs in view editor
* 6622 SEC: Fixed possible open redirect on login page
* 6610 SEC: Fixed possible XSS using the dokuwiki snapin
* 6565 SEC: Fixed possible XSS issues in Bookmarks snapin
* 6613 SEC: Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls
* 6620 SEC: Fixed missing CSRF protection for site status AJAX calls
* 6619 SEC: Fixed missing CSRF protection for master control AJAX calls

HW/SW inventory:
* 6494 FIX: win_video: Fixed crash if driver date is missing

Checks & agents:
* 5223 juniper_alarm, juniper_bgp_state, juniper_cpu, juniper_cpu_util, juniper_fru, juniper_mem: Try discovery also on QFX series devices
* 6472 FIX: zpool: Fixed title and units of graphs
* 6590 FIX: uptime.include: Even if an SNMP-Device does not have a sysDesc it still can have an uptime
* 6593 FIX: sylo: Fixed missing performance data ‘IN’ and ‘OUT’ rates
* 6461 FIX: solaris_mem: Fix crashing check when values in agent output are given in Kilobytes
* 6592 FIX: snmp_info: Generate snmp_info service even if the sysDescription is not set
* 6404 FIX: oracle_undostat: prevent the discovery of invalid services
* 6493 FIX: netscaler_vserver: Discovers readable names
* 6597 FIX: netapp_api_vs_traffic: Fixed pending services
* 6398 FIX: netapp_api_environment: Fixed discovery of environmental sensors like PSU
* 6489 FIX: mssql_backup: Fixed parsing of backup date, time and type
* 6460 FIX: jolokia_generic: Do not crash when non-numeric data is supplied for number or rate type values
* 6591 FIX: if: Network appliances with only one network interface were not discovered
* 6589 FIX: ibm_svc_mdiskgrp: Fixed disregarded provisioning state
* 6313 FIX: esx_vsphere_hostsystem: Fixed discovery of multipaths
* 6400 FIX: brocade_fcport: fix for the calculation of received and transmitted bytes per second
* 6476 FIX: apc_symmetra: Fixed transposed default levels for battery capacity
NOTE: Please refer to the migration notes!
* 6474 FIX: aix_diskiod: Fixed style of graphs
* 6459 FIX: 3par_volumes: Fix crash due to unknown provisioning type

Changes in the Check_MK Enterprise Edition:

The Check_MK Micro Core:
* 6017 The CMC logs external commands into the monitoring history now.

Reporting & availability:
* 6563 FIX: Fixed displaying of joined perf-o-meter columns

Agent bakery:
* 6614 SEC: Fixed reflected XSS affecting agent updater AJAX calls
* 6566 SEC: Fixed possible XSS on agent update status views
* 6621 SEC: Add permission to prevent users from editing “Deploy custom files with agent” rule set

Changes in the Check_MK Managed Services Edition:


You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,

Your Check_MK Team

Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Registergericht: Amtsgericht München, HRB 165902
Geschäftsführer: Jan Justus, Mathias Kettner
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29

