Werk #7067: mail: escape notification context

Component

Notifications

Title

mail: escape notification context

Date

Mar 20, 2019

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.5.0p14	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

The notification context which contains e.g. the host name and the service description is now escaped properly, i.e. '<' is replaced by '<' and so on. Only the HTML section which can be specified in the options of a notification rule is not escaped.

To the list of all Werks