Package Release Info

cacti-1.2.13-bp151.4.12.1

Update Info: openSUSE-2020-1106
Available in Package Hub : 15 SP1 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

cacti

Change Logs

* Tue Jul 14 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.13:
  * Query XSS vulnerabilities require vendor package update
    (CVE-2020-11022 / CVE-2020-11023)
  * Lack of escaping on some pages can lead to XSS exposure
  * Update PHPMailer to 6.1.6 (CVE-2020-13625)
  * SQL Injection vulnerability due to input validation failure when
    editing colors (CVE-2020-14295, boo#1173090)
  * Lack of escaping on template import can lead to XSS exposure
* Mon May 11 2020 Lars Vogdt <lars@linux-schulserver.de>
- switch from cron to systemd timers (boo#1115436):
  + cacti-cron.timer
  + cacti-cron.service
- introduce rpmlintrc for obvious false positives from rpmlint
  + cacti-rpmlintrc
- use fdupes to reduce amount of needed/wasted space
- re-introduce RPM Group to avoid huge rpmlint complains on 15.1
- remove .gitignore and .gitattributes files (not needed)
- avoid potential root escalation on systems with fs.protected_hardlinks=0
  (boo#1154087): handle directory permissions in file section instead
  of using chown during post installation
- rewrote apache configuration to get rid of .htaccess files and
  explicitely disable directory permissions per default
  (only allow a limited, well-known set of directories)
Version: 1.1.38-2.1
* Fri Jul 13 2018 uhaider.msee15seecs@seecs.edu.pk
-Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec. bsc#1101024
-Fixed Apache2.4 and Apache2.2 runtime configuration issue. bsc#1101139
* Mon Apr 16 2018 liedke@rz.uni-mannheim.de
-Build version 1.1.38
  - issue#1501: cmd.php poller not stripping alpha from snmp get values
  - issue#1515: Special characters not rendered properly in settings
  - issue#1530: Inconsistent behaviour handling blank Field Name/Value
    when editing data query suggested values
  - issue#1537: Numeric validation not ignoring blank elements
* Mon Mar 26 2018 liedke@rz.uni-mannheim.de
- Change minimum php version to 5.4
-Build version 1.1.37
  - issue#274: Allow Realtime Graph Popup Mode
  - issue#1405: When Data Query columns are wide, they cause rendering
    issues
  - issue#1414: DSSTATS reports incorrectly that a data source does not
    exist
  - issue#1419: Filtering log results in errors in the log
  - issue#1420: PHP NOTICE editing cdef and vdef items
  - issue#1421: CLI upgrade_database.php PHP Warning on execution
  - issue#1426: Remote poller erroring attempting to verify files
  - issue#1432: Delete confirmation does not disappear
  - issue#1443: Partial Save warnings under Settings -> Mail/Reporting/DNS
  - issue#1447: CLI audit_database.php not detecting database name, and
    failed to create audit tables when run fresh
  - issue#1453: CLI add_graph.php not allowing title to be set
  - issue#1456: Increase minimum php version maintaining support for RHEL6
  - issue#1457: Path-Based Cross-Site Scripting (XSS) issues
  - issue#1458: Error in logs when creating new graphs
  - issue#1459: Automation filter not applied correctly
  - issue#1461: Setting output_format on input type causes no values to be
    returned
  - issue#1464: Poller stuck in infinitely loop causing excess logging
  - issue#1466: No scrollbars in mobile browsers
  - issue#1468: Increase max length of host.snmp_sysObjectID column
  - issue#1471: Undefined function found in global_languages.php
  - issue#1472: Change Device Options - Style needs updating
  - issue#1474: Check possibility for creation of temporary tables on install
  - issue#1487: Undefined constant in ldap.php
  - issue#1483: Create New Graphs - Paw Styling Issue
  - issue#1493: Can't create tree branches with '#' sign
  - feature#1489: Add ability to use parts of OID as value via regex
  - feature: Updated Chinese Simplified translations
  - feature: Updated Dutch translations
  - feature: JavaScript library Chart.js updated 2.7.2
  - feature: Allow snmp formatting functions to detect UTF-8 output
* Mon Feb 26 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.36
  - issue#934: Template names missing in graph management list
  - issue#1211: CDEF and VDEF Item Edit do not use correct procedures
  - issue#1250: Language support does not support localization properly
  - issue#1331: Log Rotation should occur at midnight on system
  - issue#1334: Console->Users->(Edit) Permissions checkmark descriptions
    missing
  - issue#1336: Debian test suite reports php error
  - issue#1338: Allow automation to be run in debug mode from GUI
  - issue#1339: First graph of second page does not render
  - issue#1340: Unable to open Time Graph View in new tab
  - issue#1348: Toggle context menu of Zoom
  - issue#1351: Errorimage does not render on systems without GD ttf support
  - issue#1353: New installation without config.php silently throws errors
  - issue#1355: Single tree can have the order of the tree changed
  - issue#1357: Data Profile disable fields shown temporarily as editable
  - issue#1359: Settings page generates error for removed plugin tab
  - issue#1362: DSStats Avg/Peak function broken due to change in RRDtool
    processing
  - issue#1365: Plugin Management enforce folder name
  - issue#1366: Improve error/info message display
  - issue#1380: Potential failure when updating script type
  - issue#1384: When installing/enabling plugins, current user and admin should
    get permissions
  - issue#1386: form_selectable_cell() ignores width if no style_or_class is
    passed
  - issue#1389: Poller is including plugins that are not installed
  - issue#1390: Plugin uninstall should prompt user before removal
  - issue#1396: Prevent installation/uninstallation of a plugin if dependency
    is present
  - issue#1397: Distinguish between plugin tabs and core tabs in settings
  - issue: Allow dynamic setting of from name when emailing
  - issue: Data Query Cache filter layout more consistent
  - issue: Minor plugin permissions format change
  - issue: Implementation of error handling causes errors creating New Graphs
  - issue: Deprecated DDStats setting removed
  - issue: Graph context menu items are now context aware
  - issue: Validate spine path before allowing enabling of spine
  - issue: Errored settings fields now highlighted correctly on error
  - issue: Add the Default Device to the Default Tree at install time
  - issue: Secpass password verification error message unuseful
  - feature: Searching of SNMP Index in View Data Query Cache now works
  - feature: Presets now have default device Template
  - feature: JavaScript library c3.js updated (v0.4.21) / jstree.js (3.3.5)
  - feature: PHPSecLib updated 2.0.10
  - feature: Updated Dutch translations
* Mon Feb 12 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.35
  - issue#114: *all_max_peak* percentile calculations incorrect
  - issue#430: Pressing Back often fails to work as expected
  - issue#564: Fail to move items in graph template as desired
  - issue#981: Hyperlinks for Data Profile stats
  - issue#993: Realtime not working on remote pollers for certain data query
  - issue#1244: Errors importing templates with deprecated hashes
  - issue#1251: Allow zoom out through mouse mmiddle button
  - issue#1281: Max OIDs setting is for bulkget and not bulkwalk operations
  - issue#1286: Correct CHUNKED_ENCODING error when retrieving graph with
    some browsers
  - issue#1306: Graphs are not always refreshed properly
  - issue#1309: Provide meaningful authentication errors in graph_json.php
    and graph_image.php
  - issue#1310: Return button fails on change password page
  - issue#1315: Realtime not working on local data collector
  - issue#1316: CDEF Item Value dialog does not update creating items
  - issue#1319: Front end + remote poller - connection timeout issue
  - issue#1321: Use RRDtool pipelining functions within DSSTATS
  - issue#1323: Enhance form layout for readability
  - issue#1329: Spelling errors in automation_networks.php
  - issue: Validate regular expressions if specified in add_graphs.php
  - issue: Ensure compression levels are consistent when importing package
* Tue Feb 06 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.34
  issue#1040: PHP version 7.2 - ERROR PHP WARNING: sizeof()
  issue#1195: Improved Javascript error message handling
  issue#1245: Unable to reorder graph name suggested values
  issue#1256: Error reporting of custom errors not displayed correctly
  issue#1257: Boost excessively logging updates
  issue#1258: cacti.sql updated to match expected schema
  issue#1260: Tab images fail to render due to TrueType support in PHP GD Module
  issue#1261: Automatic logout timeout does not apply to web basic authenication
  issue#1263: CLI utility to validate database schema
  issue#1266: Inconsistent usage graphWrapper CSS causes odd graph zoom behavior
  issue#1268: Regex filters not working properly
  issue#1274: Host CPU script checks value existance to avoid error
  issue#1275: SNMP v3 authPriv fails to work
  issue#1287: JSON calls return validation error in HTML format
  issue#1289: Script Server should output parameter array rather than parameters
  issue#1292: Chrome to aggressively caches Javascript files
  issue#1293: Correctly identify if command 'snmpbulkwalk' is available
  issue#1296: CactiErrorHandler does not ignore PHP suppressed errors
  issue#1300: Automation discovery : New devices added by automation discovery
    have empty SNMP community field
  issue#1302: Automatic logout should not be enforced on login page
  issue#1304: mib_cache.php file contains unsafe transactions for binary logging
  feature: CLI utilily to generate and verify file hashes for installed Cacti
    files
  feature: Logging links back to appropriate areas for troubleshooting
  feature: Logging lists filenames in reverse order
* Tue Jan 23 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.33
  - issue#1253: Automatically generated RRDtool DEF names in Cacti
    1.1.32 break existing Graph Templates
* Mon Jan 22 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.32
  - issue#969: Undefined index: color_id / task_item when viewing graphs
  - issue#1166: Fix typo of 'locale' in global_languages.php
  - issue#1222: Graphs with large number of items causes RRDTool to error
  - issue#1230: PHP Fatal error: Call to undefined function
    get_max_tree_sequence()
  - issue#1238: SNMP functions fail to handle "Invalid object identifier"
    error
  - issue#1239: Browser console error in layout.js
  - issue#1240: Page layout issues caused by library update
  - issue#1246: Make SNMP Error return more info
  - issue: Missing or corrupted theme files can corrupt user settings
  - issue: Theme may not change until next login
  - issue: Tree edit Tree/Device/Graph drag areas incorrect
  - issue: Make callback error handling compatible with jQuery 3.x
  - issue: Ensure the snmp_error is cleared before every call
  - issue: Indicate unknown error when RRDTool returns no error message
  - feature: Update Javascript library: js.storage.js, d3.js, jquery.js,
    jquery.tablednd.js, jquery.timepicker.js
* Wed Jan 17 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.31
  - issue#629: Site reload after delete the last letter in the searchbar
  - issue#1022: Discovery network stuck in "running" state does not
    return results
  - issue#1164: Version compare function fails on major/minor only
    versions
  - issue#1166: Invalid New User default language selection
  - issue#1175: Automatic logout inconsistent redirect
  - issue#1179: Warn during installation if installing moving to older
    version
  - issue#1183: Automatically detect missing Theme and use alternate
  - issue#1185: Layout with Graphs having large number of data columns
  - issue#1189: Allow ability to sort tree list by name asc/desc
  - issue#1190: Enabling, Disabling, Uninstalling plugin, you should
    page refresh
  - issue#1191: Tree sequences were not set or checked
  - issue#1197: Add more collection intervals to Data Source Profiles
  - issue#1206: Display issue with internationalization number format
  - issue#1210: CDEF and VDEF Items can not be properly edited
  - issue#1212: Navigation breadcrumbs fail to handle External links
    correctly
  - issue#1213: PHPMailer trying TLS despite SMTPSecure setting
  - issue#1215: Show version when installation prompts for license
  - issue#1217: Add ability to view/edit Input/Query when editing
    Data Template
  - issue: Named colors fail to import on install or upgrade
  - issue: Drag and Drop issues on multiple pages could corrupt
    sequencing
  - feature: Enhance filter to permit more glyphs for table headers
  - feature: Add a page refresh dropdown to the Automation Networks
  - feature: Enhanced SNMP v3 input forms
  - feature: Allow Trees to be rearranged using Drag and Drop
  - feature: Trap GUI callback errors and present error message
* Thu Jan 04 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.30
  - issue#1155: Non-secure mail setting not functional due to changes
    in phpmailer
  - issue#1157: Resolve issue with branch permission api
  - issue#1158: Change CLOG to use regex replacement so line details
    are not mangled
  - issue#1161: Graph View regex's are not preserved during automatic
    page refresh
  - issue#1162: Error messages are not display when editing a user
  - issue#1166: Default language was not correctly set when editing a
    user
  - issue: basename function undefined during upgrade to 1.0.x
  - issue: Storage API and translations required for Change password
    function
  - issue: ALTER IGNORE still throws an error when attempting to drop
    the primary key
  - issue: Data Source profile form API generates error when system is
    half upgraded
  - issue: Resolve issue with importing packages
  - feature: Update package versions for Cacti version 1.1.29
* Wed Dec 27 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.29
  - issue#871: Allow Nth Percentile and Bandwidth Summation to respect
    'Base Value' in template
  - issue#965: Duplicate error message and incorrect error code when
    using LDAP authentication
  - issue#1084: Graph Tree Branch not properly populating when editing
    report item
  - issue#1104: Datetime formatting in developer debug mode incorrect
  - issue#1106: Template Filters has empty row
  - issue#1109: URL used in redirection when referrer already has
    parameters in it
  - issue#1110: Add CPU Total to 'SNMP - Get Processor Information'
  - issue#1111: PHP NOTICE when using LDAP authenication
  - issue#1116: Filters not allowing "None" or "All" when editing
    report item
  - issue#1119: Reduced amount of data fetched for CPU usage to just
    the data used
  - issue#1121: Bandwidth summation not using correct locale
  - issue#1122: Fix issue with local login / potential password problems
  - issue#1128: Resolve php warning when raising messages
  - issue#1130: Fix logging level issue where logs of same level as setting
    where not logged
  - issue#1131: Make upgrade_database.php use same version compare as
    /install/ system
  - issue#1133: Fix issues with variable name and debug log
  - issue#1141: When viewing graphs from list view, pagination causes list
    view filter to be cleared
  - issue#1143: ss_host_cpu.php - Division by zero / Invalid Return Value
  - issue#1146: Installation now checks URI path matchs with configuration
    option URL_PATH
  - issue: Updated Graph pagenation and filter reset
  - issue: Resolve issues with cacti_version_compare() processing
  - issue: Zoom context menu stays open after zoom out actions
  - issue: Paginator object was not always translated
* Mon Nov 20 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.28
  - issue#958: User Group Tree permissions not calculated fully
  - issue#959: Issue viewing email reports due to email client
    decoding problems
  - issue#992: RRDfile naming issues that result from random sorting
    during export
  - issue#1012: Issue where disabled devices will not appear in
    Tree editor
  - issue#1044: Handle invalid exclusion regex properly when viewing
    the log
  - issue#1045: Issue with multiple pages and confirmation dialogs
  - issue#1048: Problem importing vdefs from templates
  - issue#1053: Remote Data Collector now works with https and self
    signed certificates
  - issue#1055: Errors in data source statistics inserts when invalid
    output is encountered
  - issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool
    functions boo#1067166
  - issue#1058: ICMP Ping to and IPv6 address fails to gather data for
    ping latency
  - issue#1059: Aggregate item filter should use regular expressions to
    avoid SQL errors due to flawed filter logic
  - issue#1064: When a Device Template is removed, Automation Templates
    for that Device Template remain
  - issue#1066: CVE-2017-16660 in remote_agent.php logging function
    boo#1067164
  - issue#1066: CVE-2017-16661 in view log file boo#1067163
  - issue#1071: CVE-2017-16785 in global_session.php Reflection XSS
    boo#1068028
  - issue#1074: Boost records get stuck in archive
  - issue#1079: Undefined index in lib/snmpagent.php
  - issue#1085: Undefined function html_log_input_error
  - issue#1086: Rerun data queries in automation process has no effect
  - issue#1087: cli/add_device.php --proxy option does not work with non-snmp
    devices
  - issue#1088: Set timeout for remote data collector context
  - issue: Minor performance increase in boost processing
  - issue: Poller output not empty not processed correctly on Log tab
  - feature: Timeout to the remote agent for realtime graphs
  - feature: Updated Dutch translations
  - feature: Database update adding additional indexes for increased
    performance
  - feature: Updated PHPMailer to version 5.2.26
  - feature: Updated phpseclib to version 2.0.7
* Mon Oct 23 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.27
  - issue#1033: Issues inserting into dsstats table due to legacy data
  - issue#1039: Using html_escape still double escapes.  Use strip_tags
    instead
  - issue#1040: Resolving compatibility issue with PHP7.2
* Mon Oct 16 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.26
  - issue#841: --input-fields variable not working with add_graphs.php
    cli
  - issue#986: Resolve minor appearance problem on Modern theme
  - issue#989: Resolve issue with data input method commands loosing
    spaces on import
  - issue#1000: add_graphs.php not recognizing input fields
  - issue#1003: Reversing resolution to Issue#995 due to adverse impact
    to polling times
  - issue#1008: Remove developer debug warning about thumbnail validation
  - issue#1009: Resolving minor issue with cmd_realtime.php and a changing
    hostname
  - issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS)
  - issue#1027: Confirm that the PHP date.timezone setting is properly set
    during install
  - issue: Fixed database session handling for PHP 7.1
  - issue: Fixed some missing i18n
  - issue: Fixed typo's
  - feature: Updated Dutch translations
  - feature: Schema changes; Examined queries without key usage and
    added/changed some keys
  - feature: Some small improvements
- Build version 1.1.25
  - issue#966: Email still using SMTP security even though set to none
  - issue#995: Redirecting exec_background() to dev null breaks some
    functions
  - issue#998: Allow removal of external data template and prevent their
    creation
  - issue: Remove spikes uses wrong variance value from WebGUI
  - issue: Changing filters on log page does not reset to first page
  - issue: Allow manual creation of external data sources once again
  - feature: Updated Dutch translations
* Mon Sep 18 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.24
  - issue#932: Zoom positioning breaks when you scroll the graph page
  - issue#970: Remote Data Collector Cache Synchronization missing
    plugin sub-directories
  - issue#980: Resolve issue where a new tree branches refreshs before
    you have a chance to name it
  - issue#982: Data Source Profile size information not showing properly
  - issue: Long sysDescriptions on automation page cause columns to
    be hidden
  - issue: Resolve visual issues in Classic theme
  - feature: Allow Resynchronization of Poller Resource Cache
* Tue Sep 12 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.23
  issue#963: SQL Errors with snmpagent and MariaDB 10.2
  issue#964: SQL Mode optimization failing in 1.1.22
- Build version 1.1.22
  issue#950: Automation - New graph rule looses name on change
  issue#952: CSV Export not rendering chinese characters correctly
    (Second attempt)
  issue#955: Validation error trying to view graph debug syntax
  issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO
    corrupts Cacti database
  issue: When creating a data source, the data source profile does
    not default to the system default
  feature: Enhance table filters to support new Cycle plugin
  feature: Updated Dutch Translations
* Tue Sep 05 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.21
  issue#938: Problems upgrading to 1.1.20 with one table alter
    statement
  issue#952: CSV Export not rendering chinese characters correctly
  issue: Minor alignment issue on tables
- Build version 1.1.20
  issue#920: Issue with scrollbars after update to 1.1.19 related
    to #902
  issue#921: Tree Mode no longer expands to accomodate full tree
    item names
  issue#922: When using LDAP domains some setings are not passed
    correctly to the Cacti LDAP library
  issue#923: Warninga in cacti.log are displayed incorrectly
  issue#926: Update Utilities page to provide more information on
    rebuilding poller cache
  issue#927: Minor schema change to support XtraDB Cluster
  issue#929: Overlapping frames on certain themes
  issue#931: Aggregate graphs missing from list view
  issue#933: Aggregate graphs page counter off
  issue#935: Support utf8 printable in data query inserts
  issue#936: TimeZone query failure undefined function
  issue: Taking actions on users does not use callbacks
  issue: Undefined constant in lib/snmp.php on RHEL7
  issue: Human readable socket errno's not defined
  issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still
    not work till php 5.5.4
* Mon Aug 21 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.19
  issue#810: Scripts in packages don't match distribution
  issue#919: Unable to upgrade to 1.1.18
  issue: Update documentation for minimum PHP 5.4
- Build version 1.1.18
  issue#902: Correcting some issues with Console and External Links
  issue#903: Upgrade pace.js to v0.7.8
  issue#904: Allow user to hide Graphs from disabled Devices
  issue#906: Create a separate Realm for Realtime Graphs
  issue#907: XSS issue in spikekill.php
    CVE-2017-12927 bsc#1054390
  issue#910: Boost last run duration generates an error on new install
  issue#914: Unable to purge Cacti logfile from System Utilities
  issue#915: Non-numeric data in ss_host_disk.php
  issue#916: Resolve display of errors when encountering ldap issues
  issue#918: Minor XSS and create generalized escape function
    CVE-2017-12978 bsc#1054742
  issue: Resolve JavaScript errors on Login page
  issue: Resolve JavaScript errors on Permission Denied pages
  issue: Graphs tab would appear in non-classic even if you did not
    have permissions
  feature: Updated dutch translations
* Tue Aug 15 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.17
  issue#450: List View to Preview shows no results
  issue#486: Export Device table results to CSV
  issue#544: Allow Log Rotation to be other than Daily
  issue#673: Downtime/Recovery time/date is set incorrectly
  issue#819: Customized timespans for graphs
  issue#888: Rebuilding Poller Cache when External data sources are
    present results in false positive warnings in the log
  issue#891: Database.php unable to connect to MySQL when using port
    different than 3306
  issue#893: Warning messages when duplicating CDEF objects
  issue#897: Due to browser use of special key, deprecate ctrl-shift-x
    for clearing filter
  issue#898: Issue with tcp and udp ping due to file description
    allocation changes
  issue: Unable use ipv6 ip addresses for snmp ping in the Cacti GUI
  issue: Update language of the Rebuild Poller Cache menu pick
  issue: Broken design for input controls with Sunrise theme
  issue: Timespan switching not switching to Custom in Preview Mode
  issue: Log rotation would not occur under certain conditions.
    Provide more control over log functions
  issue: Purge log file always purged the cacti.log, not the selected
    log
  issue: Unable to view graphs for errored data sources from Cacti log
* Tue Aug 01 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.16
  issue#865: Escape Data Query arguments to prevent issues with
    special characters
  issue#872: Can't add device items to graphs generated with no
    device and no template
  issue#875: When modifying Realm permissions, realms that are
    listed multiple times don't stay in sync
  issue#877: Improving resolution to issue#847 and one additional
    vulnerability
    CVE-2017-12065 bsc#1051633
  issue#878: Ambiguous language in purge log function
  issue#879: SQL Error when adding a report item to a report
  issue#880: Device drop down is limited to 20 devices and lacks
    a scroll bar
  issue#885: Graph generated with no device and no graph template
    forgets device definitions
  issue#886: Unable to export templates other than Device templates
  issue: Address additional corner cases around get_order_string usage
  issue: Data Queries sharing a Data Source can result in poller
    output table not empty errors
  issue: Fix Sunrise theme to properly theme multiselect widgets
  issue: Increase height of multiselects so that more options are
    visible
  issue: When a graph is locked, anchor tags are still functional
Version: 1.1.38-bp150.2.4
* Mon Jul 24 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.15
  - issue: PHP Fatal Exception on upgrade from 1.1.11 or earlier
  - feature: Added test to detect install upgrade code problems
Version: 1.2.11-5.1
* Sat Apr 11 2020 andreas.stieger@gmx.de
- cacti 1.2.11:
  * security fixes and hardening (boo#1169215)
    + Add SameSite support for cookies
    + Cookie should be properly verified against password
    + CSRF at Admin Email
    + Improper Access Control on disabling a user
    + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
  * a number of bug fixes
  * feature additions
    + Allow system uptime to be a variable for use with graphs
    + Add Refresh Interval to Data Collectors display
    + Add Location based filtering
    + Allow for Purging of Data Source Statistics from the GUI
    + Restore ability to duplicate a data profile
    + Enhance table navigation bars to support systems with larger number of items
    + Increase length of Graph Item 'value' field to support pango-markup better
    + Allow Basic Auth Accounts to be mapped by CSV file
    + Make form elements under checkbox_groups flow using flex grid style
    + Set the domain attribute to secure cookies for the 'remember me' option
    + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 info@paolostivanin.com
- cacti 1.2.10:
  * CVE-2020-8813: when guest users have access to realtime graphs,
    remote code could be executed (boo#1164675)
  * When using User Domains, global template user is used instead of
    the configured domain template user
  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
    arguments
  * many bug fixes
* Sat Feb 15 2020 andreas.stieger@gmx.de
- cacti 1.2.9:
  * CVE-2020-7106: Lack of escaping on some pages could lead to XSS
    exposure (boo#1161297)
  * CVE-2020-7237: Remote Code Execution due to input validation
    failure in Performance Boost Debug Log (boo#1161297)
  * many bug fixes
* Sun Feb 02 2020 andreas.stieger@gmx.de
- cacti 1.2.8:
  * CVE-2019-17357: When viewing graphs, some input variables were
    not properly checked (SQL injection possible) [boo#1158990]
  * CVE-2019-17358: Unsafe deserialisation of data [boo#1158992]
  * When using HTTPS, secure cookie to prevent potential weakness
  * various bug fixes
* Thu Oct 17 2019 rbrown@suse.com
- Remove obsolete Groups tag (fate#326485)
* Mon Sep 30 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.7
  - security#2964: CVE-2019-16723 Security issue allows to view all graphs
  - issue#1181: When opening the Scheduler, it may appear off screen when
    opened near the bottom of a window
  - issue#2894: When using Remote Data Collectors, database information and
    recommendations may show Incorrect values
  - issue#2895: When using data sources from different RRDs, Percentile
    calculation may be incorrect
  - issue#2899: When displaying a form, variable substitution may not always
    work as expected
  - issue#2922: When running a data query, the result may come back as undefined
  - issue#2925: When using consolidation functions, retrieving the first step
    can cause errors
  - issue#2926: When editing a graph, variable validation errors may prevent
    changes from being saved
  - issue#2929: Boost performance may become poor even in single server mode
  - issue#2930: RRDtool can generate errors to standard output which can corrupt images
  - issue#2932: When RRDTool generates an error creating an image, it is not
    always reportedly properly
  - issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
  - issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect
    location for DB upgrade scripts
  - issue#2940: Images are not always properly sized until the page size changes
  - issue#2949: Order icons may not be properly aligned
  - issue#2951: Allow legends to be modified for Aggregate Graphs
  - issue#2958: Drop down autocomplete lists do not always open as expected
  - issue#2961: When syncing device templates, undefined function may be raised
  - issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
  - issue#2966: Realtime popup windows do not always honor settings
  - issue#2967: When using Spikekill, gap and range fill are not operating as expected
  - issue#2970: When a user edits their profile, buttons may appear as unusable whilst
    still being enabled
  - issue#2973: User menu does not always display properly on mobile devices
  - issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes'
    set but not found in data source
  - issue#2975: Datasource Debug does not properly handle European numbers in
    certain circumstances
  - issue#2976: Boost messages should be stored in their own log file
  - issue#2977: Data updates with past timestamps can cause boost errors
  - issue#2978: Moving hosts between data collectors is slow
  - issue#2979: Multi Output Fields are not parsed correctly
  - issue#2984: When checking SQL fields, value was not always primed
  - issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
  - feature#2943: Allow all Data Queries of a device to be re-indexed at once
  - feature#2952: If device is down or threshold breached, highlight in tree view
  - feature#2985: Update phpseclib to 2.0.23
* Mon Sep 02 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.6
  - issue#2794: Graph template not saved on graph edit
  - issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation
  - issue#2829: PHP recommendations always see memory limit as unlimited
  - issue#2830: Disabled Top/Bottom external links should not be displayed
  - issue#2832: Install/Upgrade log does not show anything
  - issue#2833: Undefined index can occur when data source does not have an
    snmp_index
  - issue#2834: Boost performance drops on very large systems
  - issue#2835: When creating graphs and inneficient query is causing long
    creation times
  - issue#2837: Sunrise theme does not render checkboxes 100% correctly
  - issue#2838: jQueryMultiselect does not match upstream due to forking
  - issue#2839: Non regular expression search filters don't support international
    characters
  - issue#2841: Total count is wrong after searching for External Link pages
  - issue#2843: DSStats reruns Daily Aggregation every minute
  - issue#2844: Autocomplete settings for passwords are not properly defined
  - issue#2845: Data Template can't be edited when it is in use
  - issue#2846: Allow tooltips for section headers with 'question' icon
  - issue#2847: Permanently convert an Aggregate to a regular graph
  - issue#2848: Aggregate graphs get clipped due to incorrect date range
  - issue#2856: Aggregate issues with very long RRDtool command lines
  - issue#2857: When trying to find the best index to use, a 'must implement
    Countable' warning appears
  - issue#2860: When testing remote poller connections during install, undefined
    variable warning can occur
  - issue#2862: Automation does not calculate network information correctly for
    single hosts
  - issue#2866: Add poller ID to subject for admin notifications
  - issue#2869: When creating aggregates from Graphs, JavaScript issues can occur
  - issue#2872: Add support for MySQL 8 and use of grouping as name for a column
  - issue#2875: Undefined variable when removing spikes in some cases
  - issue#2877: When attempting to send report, undefined function 'get_tinespan' messages appear
  - issue#2878: Function get_magic_quotes_gpc() is now deprecated in PHP 7.4
  - issue#2879: Switching from authPriv to authNoPriv produces error when saving
  - issue#2884: Replication continues to occur when poller has been disabled by sysres-dev
  - issue#2891: Script server script ss_fping.php generates error when not called
    by script server
  - issue#2895: Percentile calculation is incorrect on Graphs with multiple Data
    Sources from different RRDs
  - issue#2901: Poller overrun warning message is badly worded
  - issue#2902: Mailer incorrectly reports it is sending to noone
  - issue#2903: PHP recommendations can generate a warning causing JSON issues
  - issue#2905: Sorting plugins by version can lead to unexpected ordering
  - issue#2907: SSL column for multiple pollers can be incorrectly set causing SQL errors
  - issue#2908: When URL_PATH is blank, it should assume that it is '/'
  - issue#2909: Correct usage of affect vs effect in strings
  - issue#2910: Can not show user menu when in portrait mode on mobile devices
  - issue#2911: Graph variables are not always encoded to JSON properly resulting in warnings
  - issue#2912: Navigation cache can sometimes be corrupted resulting in a non-array value
  - issue#2913: When adding new graphs, the type of graph is not remembered
  - issue#2917: Action icons next to graphs can sometimes become unselectable due to zoom
  - issue#2919: When refreshing menu, selected items are sometimes lost and submenu
    items can become hidden
* Tue Jul 16 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.5
  - issue#1978: Popup Menus can appear off screen when using Graph Thumbnails
  - issue#2282: Installation wizard does not detect RRDtool version correctly
  - issue#2524: When editing a tree, Drag and Drop of Devices does not always
    work as expected
  - issue#2573: Associated Graph Template for Data Query can sometime disappear
  - issue#2656: GPRINT text_format does not replace Data Query and Host Fields
  - issue#2661: Automation does not always calculate network range/subnet correctly
  - issue#2663: Some legacy Data Queries can not determine their index order
    causing broken graphs
  - issue#2674: Large strings can sometimes cause language translation can fail
  - issue#2719: Automation may sometimes create empty graphs
  - issue#2721: When replacing '|input_xxxx|' strings, undefined index can occur
  - issue#2722: Calls to _db_replace() are not consistent resulting in warnings
  - issue#2723: When replicating to remote pollers, Undefined Variable errors may be seen
  - issue#2724: When graphing HRULE items, 'Only Variables should be passed by
    reference' error may be seen
  - issue#2725: When viewing logs in utilities, filenames should be limited the same as clog
  - issue#2726: During Automation logging, include the Rule ID that triggers
    the creation of an item by xmacan
  - issue#2732: When using basic authentication, automatically strip any @domain information
  - issue#2734: Allow non-english labels to be used on Graph Templates
  - issue#2727: When using Polling Hosts Template, warnings can be issued when
    CMD.PHP is the poller
  - issue#2733: When processing SNMP data, space delimited hex strings do not
    always convert into MAC addresses
  - issue#2735: Mouse cursor should show as default pointer if column is not sortable
  - issue#2736: When using MySQL 8 or above, 'function' is considered a reserved word
    unless quoted by xmacan
  - issue#2741: Various errors can occur due to undefined or incorrect variable names
  - issue#2742: Various errors can occur due to undefined or incorrect variable names
  - issue#2743: Attempts to close a tooltip when no tooltip has been set may cause errors
  - issue#2744: When changing password, undefined index error can occur if user is not logged in
  - issue#2748: If PHP location setting is invalid during install/upgrade, this
    should be notified on modules page
  - issue#2750: When performing multiple sort, highlighting of content occurs
  - issue#2751: When editing a Tree, display filter may not allow 'All' option to work
  - issue#2752: When running verbose query on device, you are unable to copy text from items
  - issue#2753: Unable to copy entire verbose query using clipboard command
  - issue#2757: Page Navigation can be subject to XSS injection
  - issue#2758: Various sensitive directories are browsable if web server directory browsing is enabled
  - issue#2760: Unable to add items into a report
  - issue#2762: Creating an aggregate graph can sometimes fail due to unknown RRD tools error
  - issue#2766: When modifying Aggregate Templates, changes are not always cascaded to Graph
  - issue#2768: Aggregate Graphs may sometimes show the wrong row count
  - issue#2770: ItemType is not updated when saving Report Items
  - issue#2772: Add tooltip support to html_header() and html_header_checkbox()
  - issue#2775: Remote pollers may sometimes fail to replicate data back to main system
  - issue#2777: Attempting to edit a non-existent report generates an error
  - issue#2778: When rendering graphs, resizing can sometimes occur repeatedly
  - issue#2779: On new installations, automation rules for Interface Graphs are broken
  - issue#2780: Upgrade database script not actually upgrading Cacti
  - issue#2782: When replicating the syslog plugin, the configuration file is ignored causing errors
  - issue#2783: When limiting the number of displayed characters, international characters
    may sometimes display incorrectly
  - issue#2784: When removing a device with graphs but no data sources , errors are generated
  - issue#2785: When editing a graph rule, warnings incorrectly appear about unsaved changes
  - issue#2792: When a checkbox 'friendly name' has a comma, checkbox functionality stops working
  - issue#2797: When upgrading from before 1.x, SuperLinks view permissions may not be correct
  - issue#2799: Under heavy use of Real Time Graphs, SQL errors may start appearing
  - issue#2800: When editing a tree, using a comma in the search field stops search from working
  - issue#2802: If a Device lacks ifName, an alternative field is not always found even if available
  - issue#2807: When editing a Data Template that has dependant graphs, some attributes
    should not be modifiable
  - issue#2808: When navigating a tree, the layout may unexpectedly move
  - issue#2814: When viewing the utilities page, HTML tags may be seen rather than rendered
  - issue#2816: When viewing logs, paging does not always working correctly
  - issue#2818: Automation can sometimes incorrectly add duplicate devices with the same sysname
  - issue#2820: When path is blank, is_resource_writable() will generate 'Uninitialized string offset: -1'
  - issue#2821: When the desired locale can not be located, a number format issue may occur
  - feature#2728: Update phpseclib to 2.0.17 by DavidLiedke
  - feature#2809: Update c3.js & d3.js by DavidLiedke
  - feature#2730: Update jstree.js to 3.3.8 by DavidLiedke
  - feature#2754: Allow Devices, Graphs and Data Sources to be searched by ID
  - feature#2765: When editing a tree, allow cascading selection of available graphics
  - feature#2805: Merged plugins are not always upgraded correctly
  - feature#2823: Enhance the splice_rrd.php to be able to merge RRDfiles of differing step
* Thu Jun 13 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.4
  - issue#2523: Send A Test Email stops working under PHP 7.3
  - issue#2589: Missing RRD file can cause DSSTATS to throw errors
  - issue#2590: When installing, chosen language is sometimes lost
  - issue#2591: Menu selection does not always match selected page/section
  - issue#2592: When viewing an aggregate graph, 'Display graphs from this aggregate'
  option does always not work
  - issue#2593: Unable to migrate aggregate graphs to matching aggregate template
  - issue#2598: Creating an aggregate graph without associated template causes
    RRDtool error
  - issue#2599: Creating/Updating an Aggregate Graph to use LINE/STACK's
    generates invalid SQL statements
  - issue#2604: When adding a dataquery, SQL errors can be generated
  - issue#2605: When installing, checking database tables can cause errors
  - issue#2608: db_update_table() function should not require an engine type or comment
  - issue#2609: When updating from earlier than 1.2, timezone column might not exist
  - issue#2610: Data Sources troubleshooter generates warning that each()
    function is deprecated
  - issue#2612: When RRDtool fails to initialize, DSStats generates lots of warnings
  - issue#2618: ifAdminStatus in snmp_queries/interfaces.xml
  - issue#2621: File paths that accept blanks are not allowing blanks
  - issue#2622: Various undefined variables generate errors within database.php
  - issue#2623: When using form_text_area(), invalid HTML can be generated
  - issue#2627: Some filenames can be lost in log file selection list
  - issue#2629: When upgrading, ldap library is not loaded properly due to incorrect paths
  - issue#2632: Automated Networks are not being properly replicated to additional pollers
  - issue#2635: When running automation scans, database connection should be
    forced to central database
  - issue#2638: Support disabling PHP SNMP extension by mhoran
  - issue#2645: Some URLs are incorrectly calculated
  - issue#2649: Automation not creating graphs when there are custom items
  - issue#2650: Several undefined variables are generating warnings
  - issue#2662: HRULE objects broken in some cases
  - issue#2668: Trailing parentheses are removed from the SNMP system description
  - issue#2672: Cacti Install on Windows Fails
  - issue#2676: Skin paper plane not working on iPhone XR
  - issue#2678: Call to undefined function _() in data_queries.php
  - issue#2679: Users with passwords that do not meet complexity requirements are
    not redirected to the Change Password page
  - issue#2680: Remove deprecated $php_errormsg usage
  - issue#2689: Increase boost maximum memory limits
  - issue#2693: Graph links do not contain URL path causing links to fail
  - issue#2698: Avoid duplicated icon in the main.js of all themes
  - issue#2699: Login option "Show the page that user pointed their browser to"
    does not work properly
  - issue#2702: sqltable_to_php.php does not always generate valid table data arrays
  - issue#2707: Some pages that have permission errors dont raise proper messages
  - issue#2712: PHP memory should be unlimited in scripts that need more memory than the default
  - issue#2713: SNMP System Description with UTF8 strings properly are not properly parsed
  - issue#2718: When links are converted to ajax calls, mailto links should not be included
  - issue#2720: When calculating percentiles, the value is incorrect as
    the steps are not placed in correct order
  - feature#2538: Allow users to change default method of removing data sources
    when deleting graphs
  - feature#2539: Allow users to set the default graph lock status
  - feature#2540: Allow users to enable/disable graph tree history
  - feature#2646: Allow application of automation rules on CLI by rb83
  - feature#2654: New hook to notify plugins of user profile changes ('auth_profile_update_data')
  - feature#2664: Add option to purge spikekill backups
  - feature#2701: Provide option to continue graphing objects that loose their index
  - feature#2704: Device and template cache do not refresh properly
* Sun Mar 31 2019 liedke@rz.uni-mannheim.de
-Remove cacti-ss_fping.patch
-Build version 1.2.3
  - issue#1063: Tree View does not display the last item correctly under
    'Modern' theme
  - issue#2282: Install Wizard does not Detect RRDtool Version on Windows
  - issue#2430: "New Device" menu item showing as selected incorrect
    when "Devices" clicked
  - issue#2435: Tree View becomes narrower and narrower when
    expanding/collapsing nodes with long names
  - issue#2449: Index incorrectly changed to 1 if the index is alphanumeric
    when  OID/REGEXP: or OIDVALUE/REGEXP:
  - issue#2452: Missing 'getSNMPQueries()' function when calling
    add_data_query.php
  - issue#2453: When running add_graphs.php, cannot retrieve list of valid
    snmp values
  - issue#2460: sqltable_to_php.php does not export 'default' value
    of columns correctly
  - issue#2456: When attempting to display actions that can be taken,
    having no actions caused error
  - issue#2457: When creating a graph, undefined function prevents
    confirmation from appearing
  - issue#2459: ss_host_disk.php attempts to return an empty array
    instead of a string
  - issue#2463: Partial Fix: Display zombie data sources without graphs
  - issue#2464: When viewing a User's effective permissions, disabled
    devices should show denied
  - issue#2465: Too many groups hide effective permission column when
    viewing User's effective permissions
  - issue#2466: Manual data source creation is broken
  - issue#2469: When using Matching Objects filter within Automation
    Graph Rules, unexpected redirect occurs
  - issue#2471: When Creating a new Graph Template, clear the Graph
    Template permissions cache
  - issue#2472: Bad navigation items cause Array to string conversion errors
  - issue#2474: REGEXP_SNMP_TRIM does not handle Gauge fields properly
  - issue#2475: When resetting filters, multiple sort session variables do
    not always reset properly
  - issue#2476: When using CMD.PHP for polling, device polling time is not updated
  - issue#2477: When saving a Data Input Method, Output Field name changes
    to incorrect value
  - issue#2478: When saving a LINEX type Graph Item, the Line Width value is
    too restrictive
  - issue#2479: RPN function select list should be sorted when editing
    CDEF and VDEF's
  - issue#2480: RRDtool versions in Cacti not granular enough
  - issue#2482: When upgrading past 1.1.34, upgrade attempts to drop a
    non-existing primary key
  - issue#2491: Data Source Info suggests commands RRDTool can't honor
  - issue#2492: When data templates are filtered by profile, data source
    list does not get same filter applied
  - issue#2493: Data Source Info is not separated properly
  - issue#2494: User Login History is not fully enabled for translations
  - issue#2497: When linking to Graphs, unless both start and end are
    specified, only defaults are used
  - issue#2499: Data Source reapply names does not update name from
    data query or template.
  - issue#2500: Allow Data Source repairs from the Data Source Debug and
    Data Source Info pages
  - issue#2502: Unable to have a min or max value for RRDfile at zero '0'
  - issue#2503: The Cacti Statistics Device Template is not include in release
  - issue#2509: When checking for correct Unicode, minimum MySQL version
    is incorrect
  - issue#2513: When a plugin INFO file is malformed or missing elements,
    plugin_load_info_file() should fill missing elements
    with defaults
  - issue#2519: When editing a data query, graph template picker shows
    poor performance
  - issue#2518: Unexpected errors when filtering Data Sources with
    invalid 'rows' value
  - issue#2522: When upgrading from pre-1.0.0, colors were not upgraded
    properly by Givo29
  - issue#2525: Tree branches that includes sites which have valid devices
    do not appear on Graph Tree
  - issue#2527: When importing a package, if Cacti version is below the
    version which that exported, a clear message should be shown
  - issue#2531: When updating color template items, the table name used
    is incorrect by Givo29
  - issue#2535: Ensure Graph ListView uses same UI logic as Graph Management
  - issue#2537: Incorrect title showing when changes are made to Tree
  - issue#2543: Poor performance showing a device's graphs on a tree
  - issue#2547: RRD values are not being properly trimmed
  - issue#2551: When checking MySQL configuration values, consider ON/OFF
    to be equal to 1/0
  - issue#2553: When upgrading from 1.0.0 or below, renaming automation
    columns can cause issues
  - issue#2555: Missing configuration defaults prevent installations/upgrades
    without showing reason
  - issue#2563: When sorting Data Sources, missing index causes unnecessary delays
  - issue#2564: Filtering for Orphan Data Sources is unreliable
  - issue#2565: Pages with 500+ selectable items in a single able can
    suffer from poor performance
  - issue#2568: When querying for diagnostic data, devices on remote pollers
    should proxy the request
  - issue#2571: External Links do not properly validate user permissions
  - issue#2575: Poller errors occur if a file exists that the website cannot read
  - issue#2576: Spikekill API does not work when called from plugins
  - issue#2578: When importing packages, missing/new resources are not created
  - issue#2581: When viewing poller cache, Device SNMP community is not
    properly escaped
  - issue#2583: When JSON module is not installed, Installer does not
    correctly show missing message
  - issue#2584: When user/group permissions are reset, this is not reflected
    immediately to the end user
  - feature#2505: Improve performance of Data Source Statistics
  - feature#2515: Allow more than one SNMP port to be specified when
    adding devices via CLI
  - feature: Update phpseclib to version 2.0.15
  - feature: Adjust the max table rows based upon value of 'max_input_vars'
* Thu Feb 28 2019 liedke@rz.uni-mannheim.de
-Add cacti-ss_fping.patch
* Mon Feb 25 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.2
  - issue#599: Aggregate graph templates assume AVG consolidation function
  - issue#2312: Retrieving Device Information appears to fail on Safari
  - issue#2317: Unabe to add new records to 'poller_time' table
  - issue#2327: Memory exhausted whilst running poller replication
  - issue#2334: Some browsers report JavaScript errors when switching to console
  - issue#2337: When running an upgrade, the path of the log file is reset
  - issue#2339: Certain characters in recipient address can cause email to fail
  - issue#2343: Export hooks no longer work due to missing default keyword
  - issue#2346: When listing plugin permissions, "Legacy 1.x Plugins" can appear
    in the wrong cell
  - issue#2347: Allow sort output to inject returned data into a specific object
  - issue#2350: Unable to Select Data Source for HRULES and COMMENTS that include
    nth Percentile and Bandwidth
  - issue#2352: SNMP description field can sometimes contain mangled data
  - issue#2354: When reindexing in Automation, titles are not updated for Graph
    and Data Source
  - issue#2355: Data Sources are sometimes duplicated when Custom Data is specified
  - issue#2357: When indexes are incorrect, poller should log more information
  - issue#2359: When upgrading, "Install/Upgrade" privilege may have been previously lost
  - issue#2360: When retrieving database / table / column information, schema
    name is not always applied
  - issue#2362: No way to default an interface speed when ifSpeed and ifHighSpeed
    come back as zero
  - issue#2365: When editing Aggregate Graphs, orphaned items were not always removed
  - issue#2372: Data Query reindexing leads gaps in Graphs
  - issue#2376: Manually adding a device discovered by Automation causes errors to be logged
  - issue#2380: Devices may experience constant reindexing
  - issue#2384: When authentication method is set to None, change to Builtin as
    None has been removed
  - issue#2393: When reindexing a device, Graph Automation creates duplicate graphs every time
  - issue#2416: SELinux wants APPEND not WRITE permission for Fedora/EPEL (RHEL, Centos)
  - issue#2419: Host state time was not correctly calculated
  - issue#2426: Reinstate missing plugin hooks for 'custom_logout_message' and 'custom_denied'
  - issue#2431: Default value for 'Mail Method' (settings_how) is incorrect resulting in errors
  - issue#2432: Undefined variable warnings when updating RRD data
  - issue#2451: Drag and drop does not always function correctly
  - feature: Update JavaScript library c3.js to version 0.6.12
  - feature: Update phpseclib to version 2.0.14
  - feature: Update PHPMailer to version 6.0.7
  - feature: Update JavaScript library d3.js to version 5.9.1
Version: 1.2.11-bp151.4.6.1
* Sat Apr 11 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.11:
  * security fixes and hardening (boo#1169215)
    + Add SameSite support for cookies
    + Cookie should be properly verified against password
    + CSRF at Admin Email
    + Improper Access Control on disabling a user
    + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
  * a number of bug fixes
  * feature additions
    + Allow system uptime to be a variable for use with graphs
    + Add Refresh Interval to Data Collectors display
    + Add Location based filtering
    + Allow for Purging of Data Source Statistics from the GUI
    + Restore ability to duplicate a data profile
    + Enhance table navigation bars to support systems with larger number of items
    + Increase length of Graph Item 'value' field to support pango-markup better
    + Allow Basic Auth Accounts to be mapped by CSV file
    + Make form elements under checkbox_groups flow using flex grid style
    + Set the domain attribute to secure cookies for the 'remember me' option
    + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 Paolo Stivanin <info@paolostivanin.com>
- cacti 1.2.10:
  * CVE-2020-8813: when guest users have access to realtime graphs,
    remote code could be executed (boo#1164675)
  * When using User Domains, global template user is used instead of
    the configured domain template user
  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
    arguments
  * many bug fixes
Version: 1.2.12-8.1
* Thu May 07 2020 andreas.stieger@gmx.de
- cacti 1.2.12:
  * CVE-2020-7106: Lack of escaping of color items can lead to XSS
    exposure (boo#1163749)
  * Fix multiple graphing bugs and web UI issues
  * Fix multiple warnings, PHP Exceptions and errors
  * Content-Security-Policy prevents External Links from being opened
  * Prevent runtime memory issues by increasing memory limit
  * Improve SNMPv3 handling
Version: 1.2.12-bp151.4.9.1
* Thu May 07 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.12:
  * CVE-2020-7106: Lack of escaping of color items can lead to XSS
    exposure (boo#1163749)
  * Fix multiple graphing bugs and web UI issues
  * Fix multiple warnings, PHP Exceptions and errors
  * Content-Security-Policy prevents External Links from being opened
  * Prevent runtime memory issues by increasing memory limit
  * Improve SNMPv3 handling
Version: 1.2.13-11.1
* Tue Jul 14 2020 andreas.stieger@gmx.de
- cacti 1.2.13:
  * Query XSS vulnerabilities require vendor package update
    (CVE-2020-11022 / CVE-2020-11023)
  * Lack of escaping on some pages can lead to XSS exposure
  * Update PHPMailer to 6.1.6 (CVE-2020-13625)
  * SQL Injection vulnerability due to input validation failure when
    editing colors (CVE-2020-14295, boo#1173090)
  * Lack of escaping on template import can lead to XSS exposure
* Mon May 11 2020 lars@linux-schulserver.de
- switch from cron to systemd timers (boo#1115436):
  + cacti-cron.timer
  + cacti-cron.service
- introduce rpmlintrc for obvious false positives from rpmlint
  + cacti-rpmlintrc
- use fdupes to reduce amount of needed/wasted space
- re-introduce RPM Group to avoid huge rpmlint complains on 15.1
- remove .gitignore and .gitattributes files (not needed)
- avoid potential root escalation on systems with fs.protected_hardlinks=0
  (boo#1154087): handle directory permissions in file section instead
  of using chown during post installation
- rewrote apache configuration to get rid of .htaccess files and
  explicitely disable directory permissions per default
  (only allow a limited, well-known set of directories)