From mk at mathias-kettner.de  Tue Jan 31 13:37:36 2017
From: mk at mathias-kettner.de (Mathias Kettner)
Date: Tue, 31 Jan 2017 13:37:36 +0100 (CET)
Subject: Check_MK Werk 8585: Fix permission: normal users were allowed to
 manage MKPs - not anymore
Message-ID: <20170131123736.B98ED845D3@mail.mathias-kettner.de>

ID:          8585
Title:       Fix permission: normal users were allowed to manage MKPs - not anymore
Component:   WATO
Level:       2
Class:       Security Fix
Version:     1.2.9i1

The new MKP manager module in WATO was preconfigured in a way that a normal
monitoring user could manage MKP packages. This is considered as a bug and
now only the <tt>admin</tt> role is allowed to manage packages.


From lm at mathias-kettner.de  Tue Jan 31 13:37:53 2017
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Tue, 31 Jan 2017 13:37:53 +0100 (CET)
Subject: Check_MK Werk 8467: Fixed two stored XSS issues on the report
 scheduler page
Message-ID: <20170131123753.B8D508458D@mail.mathias-kettner.de>

ID:          8467
Title:       Fixed two stored XSS issues on the report scheduler page
Component:   Reporting
Level:       1
Class:       Security Fix
Version:     1.2.9i1




From lm at mathias-kettner.de  Tue Jan 31 13:37:56 2017
From: lm at mathias-kettner.de (Lars Michelsen)
Date: Tue, 31 Jan 2017 13:37:56 +0100 (CET)
Subject: Check_MK Werk 8463: MKP Manager: Fixed possible HTML/JS injection
 from installed MKPs
Message-ID: <20170131123757.6387984670@mail.mathias-kettner.de>

ID:          8463
Title:       MKP Manager: Fixed possible HTML/JS injection from installed MKPs
Component:   WATO
Level:       1
Class:       Security Fix
Version:     1.2.9i1