*** Release of Cacti 1.2.7 ***
Thank you everyone who are using Cacti and especially those helping to make Cacti better! For additional details check out the README located on GitHub. https://github.com/Cacti/cacti/blob/develop/README.md **IMPORTANT:** Security issue #2964 (CVE-2019-16723) was found and fixed that allowed unrestricted access to graphs via the https:<cacti>/graphs_json.php url. Whilst this page did check that a valid user was logged in, any user would be able to access any graph regardless of any defined permissions. *** Contribute *** Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests! https://github.com/cacti/ *** Cacti Change Log *** security#2964: CVE-2019-16723 Security issue allows to view all graphs issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect issue#2899: When displaying a form, variable substitution may not always work as expected issue#2922: When running a data query, the result may come back as undefined issue#2925: When using consolidation functions, retrieving the first step can cause errors issue#2926: When editing a graph, variable validation errors may prevent changes from being saved issue#2929: Boost performance may become poor even in single server mode issue#2930: RRDtool can generate errors to standard output which can corrupt images issue#2932: When RRDTool generates an error creating an image, it is not always reportedly properly issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts issue#2940: Images are not always properly sized until the page size changes issue#2949: Order icons may not be properly aligned issue#2951: Allow legends to be modified for Aggregate Graphs issue#2958: Drop down autocomplete lists do not always open as expected issue#2961: When syncing device templates, undefined function may be raised issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime issue#2966: Realtime popup windows do not always honor settings issue#2967: When using Spikekill, gap and range fill are not operating as expected issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled issue#2973: User menu does not always display properly on mobile devices issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances issue#2976: Boost messages should be stored in their own log file issue#2977: Data updates with past timestamps can cause boost errors issue#2978: Moving hosts between data collectors is slow issue#2979: Multi Output Fields are not parsed correctly issue#2984: When checking SQL fields, value was not always primed issue#2986: Selecting 'Devices' menu pick closes 'Management' menu feature#2943: Allow all Data Queries of a device to be re-indexed at once feature#2952: If device is down or threshold breached, highlight in tree view feature#2985: Update phpseclib to 2.0.23 *** Reporting Issues *** http://www.cacti.net/issues.php *** Download Cacti *** http://www.cacti.net/download_cacti.php *** Download Spine *** http://www.cacti.net/spine_download.php Thanks! The Cacti Group _______________________________________________ cacti-announce mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cacti-announce
