github Cacti/cacti release/1.2.25
v1.2.25
on GitHub

latest release: release/1.2.26
7 months ago

Release of Cacti 1.2.25

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

Following on from our previous release, Cacti has been receiving extra eyes across the code base. This has meant a delay in the release of 1.2.25 as we work with various parties to improve Cacti and provide better protection from potential malicious actors.

Windows users can find a beta version of the latest Windows installer via our forum thread http://forums.cacti.net/viewtopic.php?p=292797#p292797 which will be updated as the beta is updated. There has been a major re-working of the installer including having Apache installed using the Windows Service Virtual Account to help improve security, and updated versions of PHP, RRDtool, Net-SNMP. It also introduces a change from MySQL to MariaDB as the default database engine that is installed.

As we focus more work on trying to get 1.3 ready for testing, we have also added extra device packages that can be installed during the normal web installer, or added manually afterwards (see the install/packages folder).

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

  • security #GHSA-77rf-774j-6h3p: Protect against Insecure deserialization of filter data
  • security #GHSA-gx8c-xvjh-9qh4: Protect against Cross-Site Scripting vulnerability when creating new graphs
  • security #GHSA-6r43-q2fw-5wrg: Protect against Unauthenticated SQL Injection when viewing graphs
  • security #GHSA-6jhp-mgqg-fhqg: Protect against SQL Injection when saving data with sql_save()
  • security #GHSA-g6ff-58cj-x3cp: Protect against Authenticated command injection when using SNMP options
  • security #GHSA-q4wh-3f9w-836h: Protect against Authenticated SQL injection vulnerability when managing graphs
  • security #GHSA-gj95-7xr8-9p7g: Protect against Authenticated SQL injection vulnerability when managing reports
  • security #GHSA-v5w7-hww7-2f22: Protect against SQL Injection when using regular expressions
  • security #GHSA-4pjv-rmrp-r59x: Protect against Open redirect in change password functionality
  • security #GHSA-rwhh-xxm6-vcrv: Protect against Cross-Site Scripting vulnerability with Device Name when managing Data Sources
  • security #GHSA-24w4-4hp2-3j8h: Protect against Cross-Site Scripting vulnerability with Device Name when administrating Reports
  • security #GHSA-5hpr-4hhc-8q42: Protect against Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports
  • security #GHSA-vqcc-5v63-g9q7: Protect against Cross-Site Scripting vulnerability with Device Name when managing Data Sources
  • security #GHSA-9fj7-8f2j-2rw2: Protect against Cross-Site Scripting vulnerability with Device Name when debugging data queries
  • security #GHSA-6hrc-2cfc-8hm7: Protect against Cross-Site Scripting vulnerability with Data Source Name when managing Graphs
  • security #GHSA-hrg9-qqqx-wc4h: Protect against Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries
  • security #GHSA-r8qq-88g3-hmgv: Protect against Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources
  • security #GHSA-rf5w-pq3f-9876: Protect against Privilege escalation when Cacti installed using Windows Installer defaults
  • issue #2959: When rebuilding the Poller Cache from command line, allow it to be multi-threaded
  • issue #4045: When searching tree or list views, the URL does not update after changes
  • issue #5254: When creating a Data Source Template with a specific snmp port, the port is not always applied
  • issue #5255: When a Data Query references a file, the filename should be trimmed to remove spurious spaces
  • issue #5258: THold plugin may not always install or upgrade properly
  • issue #5259: RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template
  • issue #5263: When reindexing devices, errors may sometimes be shown
  • issue #5272: Boost may loose data when the database server is overloaded
  • issue #5275: Boost can sometimes output unexpected or invalid values
  • issue #5277: Boost should not attempt to start if there are no items to process
  • issue #5279: Rebuilding the poller cache does not always work as expected
  • issue #5282: Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled
  • issue #5283: When creating new graphs, invalid offset errors may be generated
  • issue #5291: When importing packages, SQL errors may be generated
  • issue #5298: When managing plugins from command line, the --plugin option is not properly handled
  • issue #5299: When automating an install of Cacti, error messages can be appear
  • issue #5300: When performing automated install of a plugin, warnings can be thrown
  • issue #5315: Automation references the wrong table name causing errors
  • issue #5317: Data Source Info Mode produces invalid recommendations
  • issue #5319: Data Source Debug 'Run All' generates too many log messages
  • issue #5323: The description of rebuild poller cache in utilities does not display properly
  • issue #5324: When reindexing a device, debug information may not always display properly
  • issue #5329: Upon displaying a form with errors, the session error fields variable isn't cleared
  • issue #5333: MariaDB clusters will no longer support exclusive locks
  • issue #5336: RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match
  • issue #5338: Compatibility improvements for Boost under PHP 8.x
  • issue #5342: When searching the tree, increase the time before querying for items
  • issue #5347: Device Location drop down does not always populate correctly
  • issue #5354: When viewing Realtime graphs, undefined variable errors may be reported
  • issue #5355: SNMP Uptime is not always ignored for spikekills
  • issue #5356: Improve detection of downed Devices
  • issue #5360: When reporting missing functions from Plugins, ensure messages do not occur too often
  • issue #5364: When starting the Cacti daemon, database errors may be reported when there is no problem
  • issue #5366: When reporting from RRDcheck, ensure prefix is in the correct casing
  • issue #5371: Improve Orphaned Data Source options and display
  • issue #5372: Parsing the PHP Configuration may sometimes produce errors
  • issue #5376: Security processes attempt to check for a user lockout even if there is no user logged in
  • issue #5377: When attempting to edit a tree, the search filter for Graphs remains disabled
  • issue #5381: When reindexing, a Data Source that could be un-orphaned may not always be unorphaned
  • issue #5382: When parsing a date value, there could be more than 30 chars
  • issue #5384: Untemplated Data Sources can fail to update due to lack of an assigned Graph
  • issue #5386: When processing items to check, do not include disabled hosts
  • issue #5390: When saving a Data Source Template, SQL errors may be reported
  • issue #5392: When importing a Template, errors may be recorded
  • issue #5402: Some display strings have invalid formatting that cannot be parsed
  • issue #5403: When filtering with regular expressions, the 'does not match' option does not always function as expected
  • issue #5409: When enabling a plugin, sometimes it can appear as if nothing happens
  • issue #5413: Ensure the Rows Per Page option shows limitations set by configuration
  • issue #5414: Plugins are unable to modify fields in the setting 'Change Device Settings'
  • issue #5417: When reporting emails being sent, ensure BCC addresses are also included
  • issue #5420: Improve compatibility of SNMP class trim handling under PHP 8.x
  • issue #5426: When importing legacy Data Query Templates, the Template can become unusable
  • issue #5427: Provide ability to raise an event when extending the settings form
  • issue #5434: Prevent unsupported SQL Mode flags from being set
  • issue #5439: The DSStats summary does not always display expected values
  • issue #5440: When performing a fresh install, device classification may be missing.
  • issue #5446: Duplication functions for Graph/Template and Data Source/Template do not return and id
  • issue #5447: Duplication of Device Templates should be an API call
  • issue #5450: Unable to convert database to latin1 instead of utf8 if desired
  • issue #5451: When creating Graphs, the process may become slower over time as more items exist
  • issue #5452: When a bulk walk size is set to automatic, this is not always set to the optimal value
  • issue #5453: Update copyright notice on import packages
  • issue #5454: When viewing Orphan Graphs, SQL errors may be reported
  • issue #5457: When reindexing hosts from command line, ensure only one process runs at once
  • issue #5458: When a Data Query has no Graphs, it may not be deletable
  • issue #5459: When duplicating a Graph Template, provide an option to not duplicate Data Query association
  • issue #5460: When duplicating a Data Template errors can appear in the Cacti log
  • issue #5462: When importing a Package, previewing makes unexpected changes to Cacti Templates
  • issue #5466: When enabling boost on a fresh install, an error may be reported
  • issue #5467: Improve compatibility for backtrace logging under PHP 8.x
  • issue #5475: Improve compatibility for Advanced Ping under PHP 8.x
  • feature #5375: Provide new templates for Fortigate and Aruba Cluster to be available during install
  • feature #5393: Provide new template for SNMP Printer to be available during install
  • feature #5418: When importing devices, allow a device classification to be known
  • feature #5442: Extend length of maximum name in settings table
  • feature #5444: Extend length of maximum name in user settings table
  • feature #5448: Data Queries do not have a Duplication function
  • feature #5252: Upgrade d3.js v7.8.2 and billboard.js v3.7.4
  • feature #5358: Upgrade ua-parser.js to version 1.0.35
  • feature #5397: Update Cisco Device Template to include HSRP graph template
  • feature: New hook for device template change 'device_template_change'

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

Check out latest releases or
releases around Cacti/cacti release/1.2.25

Don't miss a new cacti release

NewReleases is sending notifications on new releases.

Get notifications