Release of Cacti 1.2.9

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

IMPORTANT: This release addresses two CVE's that were reported. For more information see the changelog.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Change Log

-security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
-security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
-issue#2937: Devices still show in lists despite being deleted
-issue#3038: When editing an aggregate on smaller screens, layout may not be correct
-issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
-issue#3142: Chrome sets graphs tree navigation view to width 0px
-issue#3146: Unable to create aggregate graphs on new installations
-issue#3149: After refresh of page, tooltips stop working
-issue#3150: When using Time Graph View, Zooming can cause errors
-issue#3151: Passing glue string after array is deprecated in PHP 7.4
-issue#3155: Aggregate does not correctly follow color template when reordered
-issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
-issue#3157: Back button not working properly with Classic theme
-issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
-issue#3159: PHP Memory is not correctly identified when value is not in megabytes
-issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
-issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
-issue#3165: Zoom looses its focus after all graphs on page rendered
-issue#3166: When changing zoom level, graphs are resized inappropriately at the end
-issue#3167: Installer should initialize the csrf-secret.php file automatically
-issue#3168: sqltable_to_php.php script does not pick up row_format
-issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
-issue#3178: The change password page is not displaying the rules
-issue#3180: Receiving undefined index errors when working with some Data Queries
-issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
-issue#3182: When a database connection error occurs, there is no way to report actual error
-issue#3184: Improve program path detection by using system path and PHP_BINDIR
-issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
-issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
-issue#3200: Unable to mass change Graph Template image format in mass
-issue#3206: Converted aggregate graph cannot be edited
-issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
-issue#3216: When editing a Data Source Profile size is shown as 'N/A'
-issue#3224: When removing graphs by command line, regex is not properly validated when empty
-issue#3225: Unable to Import Templates due to invalid dependency hash
-issue#3226: When processing secpass login, failed logins are not recorded
-issue#3228: Login page does not remember the last realm used by user
-issue#3232: When editing HRULE and VRULE items, color selector was not presented
-issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
-issue#3235: Transient errors may occur with table poller_output_boost_arch