Werk #13719: Remove report element "Paragraph of text fetched via HTTP(s)"

Component Reporting & availability
Title Remove report element "Paragraph of text fetched via HTTP(s)"
Date Feb 9, 2022
Checkmk Edition Checkmk Enterprise (CEE)
Checkmk Version 2.0.0p20 2.1.0b1
Level Trivial Change
Class Security Fix
Compatibility Incompatible - Manual interaction might be required

In previous versions one could add text from foreign websites into reports. Paragraph of text fetched via HTTP(s) The functionality was very limited since no parsing was done. This functionality broke with version 2.0.0.

Additionally this could enable a malicious actor to retrieve sensitive information from systems accessible to the Checkmk server (SSRF). Therefore the functionality is removed.

Existing report elements of type Paragraph of text fetched via HTTP(s) will be converted to Paragraph of text elements with text refering to the URL. Unfortunately no macros will be resolved.

To the list of all Werks