Release of Cacti 1.2.10
Thank you everyone who are using Cacti and especially those helping to make Cacti better!
For additional details check out the README located on GitHub.
IMPORTANT: This release addresses one new CVE that was reported. For more information see the changelog.
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Change Log
-security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
-issue#3240: When using User Domains, global template user is used instead of the configured domain template user
-issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
-issue#3246: When upgrading with remote collectors, sync status does not always return properly
-issue#3250: When PHP memory limit is set to -1, recommendation value fails
-issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
-issue#3254: Installer shows script owner rather than running user for suggested chown command
-issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
-issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
-issue#3274: When editing a tree, multiple device drag/drop does not work
-issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
-issue#3277: When boost does not find an initial time, numeric errors can be raised
-issue#3281: When changing Graph Template options, incorrect image format may be selected
-issue#3282: Graph's can be sized incorrectly if image is SVG format
-issue#3283: When setting a file path, valid characters not recognised properly
-issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
-issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
-issue#3289: When using CMD.PHP, poller id is not always shown properly
-issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
-issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github
-issue#3302: Editing a Graph Template does not show the Data Template name