*** Release of Cacti 1.2.10 *** Thank you everyone who are using Cacti and especially those helping to make Cacti better!
For additional details check out the README located on GitHub. https://github.com/Cacti/cacti/blob/develop/README.md **IMPORTANT**: Prior to this release, 1.2.10, a flaw existed which allowed a malicious actor to execute remote code by use of Guest Accounts with Real Time Access. This can be countered using any of the following: - Ensure PHP greater than 7.1 - Disabled Guest Account - Disabled Guest access to Real Time Graphs - Use Cacti 1.2.10+ *** Contribute *** Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests! https://github.com/cacti/ *** Cacti Change Log *** security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813) issue#3240: When using User Domains, global template user is used instead of the configured domain template user issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments issue#3246: When upgrading with remote collectors, sync status does not always return properly issue#3250: When PHP memory limit is set to -1, recommendation value fails issue#3253: Upgrade can stall when checking permissions on csrf-secret.php issue#3254: Installer shows script owner rather than running user for suggested chown command issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown issue#3274: When editing a tree, multiple device drag/drop does not work issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs issue#3277: When boost does not find an initial time, numeric errors can be raised issue#3281: When changing Graph Template options, incorrect image format may be selected issue#3282: Graph's can be sized incorrectly if image is SVG format issue#3283: When setting a file path, valid characters not recognised properly issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear issue#3289: When using CMD.PHP, poller id is not always shown properly issue#3290: When using CMD.PHP, inconsistent device logging levels may occur issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github issue#3302: Editing a Graph Template does not show the Data Template name *** Reporting Issues *** http://www.cacti.net/issues.php *** Download Cacti *** http://www.cacti.net/download_cacti.php *** Download Spine *** http://www.cacti.net/spine_download.php Thanks! The Cacti Group Mark Brugnoli-Vinten The Cacti Group w: http://www.cacti.net <http://www.cacti.net/> e: develop...@cacti.net <mailto:develop...@cacti.net> e: net...@cacti.net <mailto:net...@cacti.net> Please Read: Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. _______________________________________________ cacti-user mailing list cacti-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cacti-user
