Release of Cacti 1.2.8
Thank you to everyone who is using Cacti, and especially to those helping to make Cacti better!
For additional details check out the README located on GitHub.
IMPORTANT: This release addresses two CVEs that were reported. For more information see the changelog.
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Change Log
- security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
- security#3026: CVE-2019-17358 When deserializing data, ensure basic sanitization has been performed
- security#3066: When using HTTPS, secure cookie to prevent potential weakness
- issue#1228: Any tree or branch with a long name force main content off screen
- issue#2133: Long snmp_indexes are being cut off
- issue#2888: Long hostnames cause template filter to go off page
- issue#2987: Changing Color Template does not update Aggregate
- issue#2989: Allow Remote Data Collectors to maintain their own path variables
- issue#2991: Cacti Statistics device template can generate unexpected errors
- issue#2995: When editing a report, column setting may be ignored incorrectly
- issue#2996: When editing a user, graph options do not properly reflect previously saved settings
- issue#2998: Session performance issues due to excessive use for database storage
- issue#2999: Blank arguments can lead to extra spaces in script arguments
- issue#3006: Boost generates undefined variables warning during poller run
- issue#3011: i18n logging does not check write permission exists
- issue#3012: When viewing realtime graphs, some input variables are not properly checked
- issue#3013: Allow legends to be modified for Aggregate Graphs
- issue#3017: Automation network range with spaces fails validation
- issue#3019: User selected language is not always adhered to
- issue#3021: Tree view cuts off at the bottom of page on modern theme
- issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
- issue#3027: Aggregate Graph re-ordering does not work
- issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
- issue#3030: Pace continues to run even after a page is finished rendering
- issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
- issue#3035: When editing a tree, can not remove entries due to CSS bug
- issue#3037: When emptying poller output using cli, debug functions are not properly included
- issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
- issue#3040: When running automation, discovery can still run even if cancelled
- issue#3041: When running automation, scans do not always respond to being cancelled
- issue#3042: When running automation, scan can fail when selecting remote pollers
- issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
- issue#3047: When saving settings, ignore remote pollers who have not checked in recently
- issue#3050: When viewing graph trees, some input variables are not properly checked
- issue#3052: When editing CDEF's, slow database performance can occur
- issue#3053: When viewing graph thumbnails, some input variables are not properly checked
- issue#3055: During install/upgrade, database tests are not performed correctly
- issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
- issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
- issue#3061: When running automation, allow SNMP to be used as a ping method
- issue#3068: When administrating users, some input variables are not properly checked
- issue#3070: Improve database logging when a crashed table is encountered
- issue#3073: Automation network range does not always produce the correct start/end values
- issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
- issue#3079: Allow domain names to be stripped from a device's long description
- issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
- issue#3085: When editing a poller, ensure each listening IP is unique
- issue#3081: External Links are not showing a glyph when they appear on the Console menu
- issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
- issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label
- issue#3101: Polling times can be slightly inconsistent due
- issue#3104: When viewing graphs, a byref error can be seen in the error logs
- issue#3105: When viewing hosts, some input variables are not properly checked
- issue#3111: When adding devices via command line, bad SNMP versions are not reported
- issue#3112: When zooming on Graphs, too many requests are being made causing slowness
- issue#3114: Support for USB devices that change name due to their hosts restarting
- issue#3118: When converting tables, the dynamic row format should be selected
- issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
- issue#3120: Correct issues causing incompatibility with PHP 7.4
- issue#3121: When converting tables during install, show what will be changed
- issue#3123: Named colors table is not properly imported/upgraded
- issue#3124: When a second data collector is added, boost is not enabled automatically
- issue#3128: i18n handler checks for existence of wrong mo file
- issue#3129: Logout repeatedly occurs even when already logged out
- issue#3132: Installer fails to continue if automation range is array of networks
- feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing
The Cacti Group