Package Release Info

cacti-1.2.27-bp156.2.3.1

Update Info: openSUSE-2024-276
Available in Package Hub : 15 SP6 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

cacti

Change Logs

Version: 1.2.27-bp155.2.9.1
* Tue May 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.27:
  * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240)
  * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229)
  * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238)
  * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239)
  * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231)
  * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241)
  * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236)
  * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235)
  * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237)
  * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230)
  * Improve PHP 8.3 support
  * When importing packages via command line, data source profile could not be selected
  * When changing password, returning to previous page does not always work
  * When using LDAP authentication the first time, warnings may appear in logs
  * When editing/viewing devices, add IPv6 info to hostname tooltip
  * Improve speed of polling when Boost is enabled
  * Improve support for Half-Hour time zones
  * When user session not found, device lists can be incorrectly returned
  * On import, legacy templates may generate warnings
  * Improve support for alternate locations of Ping
  * Improve PHP 8.1 support for Installer
  * Fix issues with number formatting
  * Improve PHP 8.1 support when SpikeKill is run first time
  * Improve PHP 8.1 support for SpikeKill
  * When using Chinese to search for graphics, garbled characters appear.
  * When importing templates, preview mode will not always load
  * When remote poller is installed, MySQL TimeZone DB checks are not performed
  * When Remote Poller installation completes, no finish button is shown
  * Unauthorized agents should be recorded into logs
  * Poller cache may not always update if hostname changes
  * When using CMD poller, Failure and Recovery dates may have incorrect values
  * Saving a Tree can cause the tree to become unpublished
  * Web Basic Authentication does not record user logins
  * When using Accent-based languages, translations may not work properly
  * Fix automation expressions for device rules
  * Improve PHP 8.1 Support during fresh install with boost
  * Add a device "enabled/disabled" indicator next to the graphs
  * Notify the admin periodically when a remote data collector goes into heartbeat status
  * Add template for Aruba Clearpass
  * Add fliter/sort of Device Templates by Graph Templates
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
  PatchN.
Version: 1.2.26-bp155.2.6.1
* Sun Dec 24 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.26:
  * CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
  * CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
  * CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
  * CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
  * CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
  * CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
  * When viewing data sources, an undefined variable error may be seen
  * Improvements for Poller Last Run Date
  * Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
  * Improve PHP 8.1 support when adding devices
  * Viewing Data Query Cache can cause errors to be logged
  * Preserve option is not properly honoured when removing devices at command line
  * Infinite recursion is possible during a database failure
  * Monitoring Host CPU's does not always work on Windows endpoints
  * Multi select drop down list box not rendered correctly in Chrome and Edge
  * Selective Plugin Debugging may not always work as intended
  * During upgrades, Plugins may be falsely reported as incompatible
  * Plugin management at command line does not work with multiple plugins
  * Improve PHP 8.1 support for incrementing only numbers
  * Allow the renaming of guest and template accounts
  * DS Stats issues warnings when the RRDfile has not been initialized
  * When upgrading, missing data source profile can cause errors to be logged
  * When deleting a single Data Source, purge historical debug data
  * Improvements to form element warnings
  * Some interface aliases do not appear correctly
  * Aggregate graph does not show other percentiles
  * Settings table updates for large values reverted by database repair
  * When obtaining graph records, error messages may be recorded
  * Unable to change a device's community at command line
  * Increase timeout for RRDChecker
  * When viewing a graph, option to edit template may lead to incorrect URL
  * When upgrading, failures may occur due to missing color table keys
  * On installation, allow a more appropriate template to be used as the default
  * When data input parameters are allowed to be null, allow null
  * CSV Exports may not always output data correctly
  * When debugging a graph, long CDEF's can cause undesirable scrolling
  * Secondary LDAP server not evaluated when the first one has failed
  * When adding a device, using the bulk walk option can make version information appear
  * When parsing a Data Query resource, an error can be reported if no direction is specified
  * Database reconnection can cause errors to be reported incorrectly
  * fix returned value if $sau is empty
  * Add Aruba switch, Aruba controller and HPE iLO templates
  * Add OSCX 6x00 templates
Version: 1.2.25-bp154.2.9.1
* Wed Sep 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.25:
  * CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082)
  * CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044)
  * CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045)
  * CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040)
  * CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047)
  * CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043)
  * CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042)
  * CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051)
  * CVE-2023-39364: redirect in change password functionality (boo#1215050)
  * CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052)
  * CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053)
  * CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports (boo#1215081)
  * CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215054)
  * CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries (boo#1215055)
  * CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs (boo#1215056)
  * CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries (boo#1215058)
  * CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources (boo#1215059)
  * When rebuilding the Poller Cache from command line, allow it to be multi-threaded
  * When searching tree or list views, the URL does not update after changes
  * When creating a Data Source Template with a specific snmp port, the port is not always applied
  * When a Data Query references a file, the filename should be trimmed to remove spurious spaces
  * THold plugin may not always install or upgrade properly
  * RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template
  * When reindexing devices, errors may sometimes be shown
  * Boost may loose data when the database server is overloaded
  * Boost can sometimes output unexpected or invalid values
  * Boost should not attempt to start if there are no items to process
  * Rebuilding the poller cache does not always work as expected
  * Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled
  * When creating new graphs, invalid offset errors may be generated
  * When importing packages, SQL errors may be generated
  * When managing plugins from command line, the --plugin option is not properly handled
  * When automating an install of Cacti, error messages can be appear
  * When performing automated install of a plugin, warnings can be thrown
  * Automation references the wrong table name causing errors
  * Data Source Info Mode produces invalid recommendations
  * Data Source Debug 'Run All' generates too many log messages
  * The description of rebuild poller cache in utilities does not display properly
  * When reindexing a device, debug information may not always display properly
  * Upon displaying a form with errors, the session error fields variable isn't cleared
  * MariaDB clusters will no longer support exclusive locks
  * RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match
  * Compatibility improvements for Boost under PHP 8.x
  * When searching the tree, increase the time before querying for items
  * Device Location drop down does not always populate correctly
  * When viewing Realtime graphs, undefined variable errors may be reported
  * SNMP Uptime is not always ignored for spikekills
  * Improve detection of downed Devices
  * When reporting missing functions from Plugins, ensure messages do not occur too often
  * When starting the Cacti daemon, database errors may be reported when there is no problem
  * When reporting from RRDcheck, ensure prefix is in the correct casing
  * Improve Orphaned Data Source options and display
  * Parsing the PHP Configuration may sometimes produce errors
  * Security processes attempt to check for a user lockout even if there is no user logged in
  * When attempting to edit a tree, the search filter for Graphs remains disabled
  * When reindexing, a Data Source that could be un-orphaned may not always be unorphaned
  * When parsing a date value, there could be more than 30 chars
  * Untemplated Data Sources can fail to update due to lack of an assigned Graph
  * When processing items to check, do not include disabled hosts
  * When saving a Data Source Template, SQL errors may be reported
  * When importing a Template, errors may be recorded
  * Some display strings have invalid formatting that cannot be parsed
  * When filtering with regular expressions, the 'does not match' option does not always function as expected
  * When enabling a plugin, sometimes it can appear as if nothing happens
  * Ensure the Rows Per Page option shows limitations set by configuration
  * Plugins are unable to modify fields in the setting 'Change Device Settings'
  * When reporting emails being sent, ensure BCC addresses are also included
  * Improve compatibility of SNMP class trim handling under PHP 8.x
  * When importing legacy Data Query Templates, the Template can become unusable
  * Provide ability to raise an event when extending the settings form
  * Prevent unsupported SQL Mode flags from being set
  * The DSStats summary does not always display expected values
  * When performing a fresh install, device classification may be missing.
  * Duplication functions for Graph/Template and Data Source/Template do not return and id
  * Duplication of Device Templates should be an API call
  * Unable to convert database to latin1 instead of utf8 if desired
  * When creating Graphs, the process may become slower over time as more items exist
  * When a bulk walk size is set to automatic, this is not always set to the optimal value
  * Update copyright notice on import packages
  * When viewing Orphan Graphs, SQL errors may be reported
  * When reindexing hosts from command line, ensure only one process runs at once
  * When a Data Query has no Graphs, it may not be deletable
  * When duplicating a Graph Template, provide an option to not duplicate Data Query association
  * When duplicating a Data Template errors can appear in the Cacti log
  * When importing a Package, previewing makes unexpected changes to Cacti Templates
  * When enabling boost on a fresh install, an error may be reported
  * Improve compatibility for backtrace logging under PHP 8.x
  * Improve compatibility for Advanced Ping under PHP 8.x
  * Provide new templates for Fortigate and Aruba Cluster to be available during install
  * Provide new template for SNMP Printer to be available during install
  * When importing devices, allow a device classification to be known
  * Extend length of maximum name in settings table
  * Extend length of maximum name in user settings table
  * Data Queries do not have a Duplication function
  * Upgrade d3.js v7.8.2 and billboard.js v3.7.4
  * Upgrade ua-parser.js to version 1.0.35
  * Update Cisco Device Template to include HSRP graph template
  * New hook for device template change 'device_template_change'
* Mon Feb 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.24
  * Fix: Unable to import Local Linux Machine template
  * Fix multiple charting and display issues
  * Compatibility changes for SNMP under PHP 8.2, and other PHP
    compatibility updates
  * Fix multiple issues editing settings
  * timeout fixes for Basic Auth
  * multiple data poller bug fixes
Version: 1.2.23-bp154.2.6.1
* Mon Jan 02 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.23, providing security fixes, feature improvements and
  bug fixes:
  * CVE-2022-46169: Unauthenticated Command Injection in Remote
    Agent (boo#1206185)
  * Security: Add .htaccess file to scripts folder
  * When using Single Sign-on Frameworks, revocation was not always
    detected in callbacks
  * Fixes to the installer, and compatibility with PHP and MySQL
  * Performance improvements for certain conditions
  * Various UI fixes
  * Bug fixes related to SNMP, RRDtools, and agents
Version: 1.2.22-bp153.2.12.1
* Sun Oct 02 2022 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.22, providing one security fix, a number of bug fixes
  and a collection of improvements:
  * When creating new graphs, cross site injection is possible
    (boo#1203952)
  * When creating user from template, multiple Domain FullName and
    Mail are not propagated
  * Nectar Aggregate 95th emailed report broken
  * Boost may not find archive tables correctly
  * Users may be unable to change their password when forced during
    a login
  * Net-SNMP Memory Graph Template has Wrong GPRINT
  * Search in tree view unusable on larger installations
  * Increased bulk insert size to avoid partial inserts and potential
    data loss.
  * Call to undefined function boost_debug in Cacti log
  * When no guest template is set, login cookies are not properly set
  * Later RRDtool releases do not need to check last_update time
  * Regex filters are not always long enough
  * Domains based LDAP and AD Fullname and Email not auto-populated
  * Cacti polling and boost report the wrong number of Data Sources
    when Devices are disabled
  * When editing Graph Template Items there are cases where VDEF's
    are hidden when they should be shown
  * Database SSL setting lacks default value
  * Update default path cacti under *BSD by xmacan
  * Web Basic authentication not creating template user
  * Unable to change the Heartbeat of a Data Source Profile
  * Tree Search Does Not Properly Search All Trees
  * When structured paths are setup, RRDfiles may not always be
    created when possible
  * When parsing the logs, caching would help speed up processing
  * Deprecation warnings when attempting real-time Graphs with PHP8.1
  * Custom Timespan is lost when clicking other tree branches
  * Non device based Data Sources not being polled
  * When Resource XML file inproperly formatted, graph creation can
    fail with errors
  * Update code style to support PHP 8 requirements
  * None" shows all graphs
  * Realtime popup window experiences issues on some browsers
  * Auth settings do not always properly reflect the options selected
    by ddb4github
  * MySQL can cause cacti to become stalled due to locking issues
  * Boost process can get hung under rare conditions until the poller
    times out
  * Exporting graphs under PHP 8 can cause errors
  * Host table has wrong default for disabled and deleted columns
  * RRD storage paths do not scale properly
  * When importing, make it possible to only import certain
    components
  * Update change_device script to include new features by
    bmfmancini
  * Make help pages use latest online version wherever possible
  * Cacti should show PHP INI locations during install
  * Detect PHP INI values that are different in the INI vs running
    config
  * Added Gradient Color support for AREA charts by thurban
  * Update CDEF functions for RRDtool
  * When boost is running, it's not clear which processes are
    running and how long they have to complete
* Sun May 29 2022 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.21:
  * Add a CLI script to install/enable/disable/uninstall plugins
  * Add log message when purging DS stats and poller repopulate
  * A collection of bug fixes
Version: 1.2.20-bp153.2.9.1
* Fri Apr 22 2022 Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 1.2.20
  * Security fix for CVE-2022-0730, boo#1196692
    Under certain ldap conditions, Cacti authentication can be
    bypassed with certain credential types.
  * Security fix: Device, Graph, Graph Template,
    and Graph Items may be vulnerable to XSS issues
  * Security fix: Lockout policies are not properly applied to LDAP
    and Domain Users
  * Security fix: When using 'remember me' option, incorrect realm
    may be selected
  * Security fix: User and Group maintenance are vulnerable to SQL attacks
  * Security fix: Color Templates are vulnerable to XSS attack
  * Features:
  * When creating a Data Source Profile, allow additional choices for Heartbeat
  * Change select all options to use Font Awesome icons
  * Improve spine performance by storing the total number of system snmp_ports in use
  * Prevent Template User Accounts from being Removed
  * When managing by users, allow filtering by Realm
  * Allow plugins to supply template account names
  * When viewing logs, additional message types should be filterable
  * When creating a Graph Template Item, allow filtering by Data Template
  * Allow language handler to be selected via UI
  * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
  * Add Advanced Ping Graph Template to initial Installable templates
  * Add LDAP Debug Mode option
  * Allow Reports to include devices not on a Tree
  * Allow Basic Authentication to display custom failure message
  * Fix: When replicating data during installation/upgrade,
    system may appear to hang
  * Fix: Graph Template Items may have duplicated entries
  * Fix: Unable to Save Graph Settings
  * Fix: Script Server may crash if an OID is missing or unavailable
  * Fix: When system-wide polling is disabled,
    remote pollers may fail to sync changed settings
  * Fix: When updating poller name, duplicate name protection may be over zealous
  * Fix: Titles may show "Missing Datasource" incorectly
  * Fix: Checking for MIB Cache can cause crashes
  * Fix: Polling cycles may not always complete as expected
  * Fix: When viewing graph data, non-numeric values may appear
  * Fix: Utilities view has calculation errors when there are no data sources
  * Fix: When editing Reports, drag and drop may not function as intended
  * Fix: When data drive is full, viewing a Graph can result in errors
  * Various other bug fixes
Version: 1.2.19-bp152.2.16.1
* Sat Nov 06 2021 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.19:
  * Further fixes for grave character security protection (boo#1192408)
  * Fix Over aggressive escaping causing menu visibility issues on Create Device page
  * Add SHA256 and AES256 security levels for SNMP polling
  * Import graph template(Preview Only) show color_id new value as a blank area
  * Fix Editing graphs errors due to missing sequence
  * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
  * Fix 2hen RealTime is not active, console errors may appear
  * Fix race conditions may occur when multiple RRDtool processes are running
  * Fix errors creating graphs from templates
  * Fix errors when duplicating reports
  * Fix Boost may be blocked by overflowing poller_output table
  * Fix Template import may be blocked due to unmet dependency warnings with snmp ports
  * Fix Newer MySQL versions may error if committing a transaction when not in one
  * Fix SNMP Agent may not find a cache item
  * Fix Correct issues running under PHP 8.x
  * Fix When polling is disabled, boost may crash and creates many arch tables
  * Fix When poller runs, memory tables may not always be present
  * Fix Timezones may sometimes be incorrectly calculated
  * Fix Allow monitoring IPv6 with interface graphs
  * Fix When a data source uses a Data Input Method, those without a mapping should be flagged
  * Fix When RRDfile is not yet created, errors may appear when displaying the graph
  * Fix Cacti missing key indexes that result in Preset pages slowdowns
  * Fix Data Sources page shows no name when Data Source has no name cache
  * Fix db_update_table function can not alter table from signed to unsigned
  * Fix data remains in poller_output table even if it's flushed to rrd files
  * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
  * Fix Offset is a reserved word in MariaDB 10.6 affecting Report
  * Fix Rendering large trees slowed due to lack of permission caching
  * Fix Error on interpretation of snmpUtime, when to big
  * Fix Applying right axis formatting creates an error-image
  * Fix Unable to Save Graph Settings from the Graphs pages
  * Fix Graph Template Cache is nullified too often when Graph Automation is running
  * Fix When Adding a Data Query to a Device, no Progress Spinner is shown
  * Fix New Browser Breaks Plugins that depend on non UTC date time data
  * Fix errors when testing remote poller connectivity
  * Fix errors when renaming poller
  * Fix Removing spikes by Variance does not appear to be working beyond the first RRA
  * Fix LDAP API lacks timeout options leading to bad login experiences
  * Add a normal/wrap class for general use
  * Limit File Types available for Template Import operations
  * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
  * Support Stronger Encryption Available Starting in Net-SNMP v5.8
  * Allow Cacti to use multiple possible LDAP servers
  * Add a 15 minute polling/sampling interval
  * Provide additional admin email notifications
  * Add warnings for undesired changes to plugin hook return values
  * When creating a Graph, make testing the Data Sources optional by Template
  * Update phpseclib to 2.0.33
  * Update jstree.js to 3.3.12
  * Improve performance of Cacti poller on heavily loaded systems
  * MariaDB recommendations need some tuning for recent updates
Version: 1.2.18-bp152.2.13.1
* Sat Jul 10 2021 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.18:
  * CVE-2020-14424: Lack of escaping on template import can lead to
    XSS exposure under 'midwinter' theme (boo#1188188)
  * Real time graphs can expose XSS issue
Version: 1.2.17-bp152.2.10.1
* Wed May 05 2021 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.17:
  * Fix incorrect handling of fields led to potential XSS issues
  * CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)
  * Fix various XSS issues with HTML Forms handling
  * Fix handling of Daylight Saving Time changes
  * Multiple fixes and extensions to plugins
  * Fix multiple display, export, and input validation issues
  * SNMPv3 Password field was not correctly limited
  * Improved regular expression handling for searcu
  * Improved support for RRDproxy
  * Improved behavior on large systems
  * MariaDB/MysQL: Support persistent connections and improve
    multiple operations and options
  * Add Theme 'Midwinter'
  * Modify automation to test for data before creating graphs
  * Add hooks for plugins to show customize graph source and customize
    template url
  * Allow CSRF security key to be refreshed at command line
  * Allow remote pollers statistics to be cleared
  * Allow user to be automatically logged out after admin defined
    period
  * When replicating, ensure Cacti can detect and verify replica
    servers
Version: 1.2.16-bp151.4.18.1
* Fri Dec 18 2020 Andreas Stieger <andreas.stieger@gmx.de>
- fix httpd startup errors due to mismatched configuration
  directives boo#1175314
* Thu Dec 03 2020 Paolo Stivanin <info@paolostivanin.com>
- cacti 1.2.16:
  * When generating a report, the Cascade to Branches function does not as expected
  * When viewing graphs, automatic refresh so not always work as expected
  * Realtime graph pop up counter bug
  * Undefined variable errors may occur when creating a new datasource
  * The cli-based installer does not exit with a non-zero exit code when error occurs
  * When an export is complete, sometimes the progress bar remains
  * When enabling many devices, a threshold can be reached causing a slowdown in the process
  * When performing actions against Devices, replicated device information could sometimes be lost
  * When using API to rename a tree node, backtrace may be incorrectly shown
  * When searching, valid pages can sometimes be shown as empty by ddb4github
  * When exporting data from graphs, not all data was properly included
  * Graph Templates filter is not updated after new graph created by ddb4github
  * Username and password on the login page is not visible in Classic theme
  * Improve wording of concurrent process and thread settings
  * Location filter should remove blank entries by ddb4github
  * When syncing data collectors, a reindex event may be triggered unnecessarily
  * Automation Networks allows discovery of invalid IP addresses
  * When changing permissions of the current user, they don't take effect immediately
  * When reindexing a device, an incorrect page was sometimes displayed
  * When repairing database, audit_database.php does not add missing columns
  * Log page should not be empty if no log info exists
  * During upgrade, there are times when realms can be duplicated leading to SQL errors
  * When using ping.php, UDP response times are not interpreted properly by hypnotoad
  * Improve warning you get when attempting to view a log file you don't have access to
  * When replicating files, scripts are not marked as executable
  * When creating plugin tables, collation is not set properly
  * Update c3.js to version 0.7.20
  * Update Chart.js to version 2.9.4
  * Update phpseclib to version 2.0.29
  * Update PHPMailer to version 6.1.8
  * Use LSB shebang notation for cli scripts
  * Add support for cactid daemon based launcher
  * Add ability to hide the Graph Drilldown icons by datatecuk
  * Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
* Wed Nov 11 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.15, fixing the following bugs:
  * When editing Maximum OIDs Per Get Request, blank value can cause errors
  * Boost may run more often than it should
  * Recache Event Loop can cause Interface Graphs to show gaps
  * When searching Graph Tree's, non matching devices remain visible
  * Page validation errors may occur when opening real time graphs
  * External Links do not always open if they are still open from previous usage
  * Cultural changes to various word usage
  * Replicate deleted device status instead of poller sync
  * Description field allows more characters entered than is stored
  * When installing or upgrading, LDAP functions may not always be included properly
  * Unable to remove discovered device
  * When installing or upgrading, PHP recommendations may not always return a valid value
  * Graph Templates has duplicate SQL delete statement
  * When syncing to remote poller, missing function errors may occur
  * When removing devices from remote pollers, devices may reappear without details
  * When removing devices, array errors may sometimes be recorded
  * Variable injection does not always work as expected
  * Editing Data Queries with multiple data templates can give errors about Suggested values
  * Progress bar does not provide enough visual information during long page loads
  * Some themes do not allow for a way to see which user is currently signed in
  * When viewing tables, allow users to force all columns to be visible
  * Column sizing is being lost between pages refreshes
  * When viewing input methods table, no ID is shown to help identify which method is being viewed
  * Filters do not always respect using keyboard to initiate searching
  * When exporting a data query, an invalid column name error can sometimes be shown
  * When checking if a view is allowed, having no session can result in errors
  * When removing devices via the CLI, undefined variable errors may be seen
  * Real Time Graphs may cause invalid index errors
  * On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
  * Plugin setup can generate errors when reading options via system function
  * Plugin version numbers can be unexpectedly truncated
  * When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
  * When removing multiple items, selection process does not always work
  * When exporting colors, the indicator is not always removed upon completion
  * Unable to pass tree and leaf ID to 'graph_button' hook
  * When performing maintenance, various errors may sometimes be seen
  * When Guest User setting is active, current user is not always properly set
  * When installing Cacti, minor errors in text can be seen
  * Numbers are not always formatted properly when there are no decimal places
  * When viewing Real Time Graphs, an undefined index error may be recorded
  * Minor memory leaks and refresh issues when zooming on graphs
  * Real Time Graphs may sometimes fail due to folder permissions
  * Navigation can sometimes occur unexpectedly due to background timers
  * Trees management screen not reporting correct number of trees
  * Tree sequences can sometimes skip numbers during resorting
  * Guest user selection should not allow setting the currently logged in user
  * Links in Table Headers do not show clearly when in modern theme
  * Under some cases tree logic leads to undefined index errors
  * Cacti Data Debug can show errors if the Data Source is damaged or has been removed
  * When importing a data query, an invalid column name error can sometimes be shown
  * When using shift functions on graphs, negative values are not allowed
  * Correct issue when file is unreadable reporting no file was specified
  * Orphaned Plugins have no option to be removed
  * Update MySQL recommendations for Character Set and Colation
  * Correct sorting of IP addresses to be numeric not alpha by JamesTilt
  * Saving a device should not always repopulate the poller cache
Version: 1.2.14-bp151.4.15.1
* Mon Aug 03 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.14:
  * Poller keeps using old IP address for a device
  * poller bug fixes and various display fixes
  * Fix XSS vulnerability due to improper escaping of error message
    during template import preview (boo#1174850, CVE-2020-25706)
Version: 1.2.13-bp151.4.12.1
* Tue Jul 14 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.13:
  * Query XSS vulnerabilities require vendor package update
    (CVE-2020-11022 / CVE-2020-11023)
  * Lack of escaping on some pages can lead to XSS exposure
  * Update PHPMailer to 6.1.6 (CVE-2020-13625)
  * SQL Injection vulnerability due to input validation failure when
    editing colors (CVE-2020-14295, boo#1173090)
  * Lack of escaping on template import can lead to XSS exposure
* Mon May 11 2020 Lars Vogdt <lars@linux-schulserver.de>
- switch from cron to systemd timers (boo#1115436):
  + cacti-cron.timer
  + cacti-cron.service
- introduce rpmlintrc for obvious false positives from rpmlint
  + cacti-rpmlintrc
- use fdupes to reduce amount of needed/wasted space
- re-introduce RPM Group to avoid huge rpmlint complains on 15.1
- remove .gitignore and .gitattributes files (not needed)
- avoid potential root escalation on systems with fs.protected_hardlinks=0
  (boo#1154087): handle directory permissions in file section instead
  of using chown during post installation
- rewrote apache configuration to get rid of .htaccess files and
  explicitely disable directory permissions per default
  (only allow a limited, well-known set of directories)
Version: 1.2.12-bp151.4.9.1
* Thu May 07 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.12:
  * CVE-2020-7106: Lack of escaping of color items can lead to XSS
    exposure (boo#1163749)
  * Fix multiple graphing bugs and web UI issues
  * Fix multiple warnings, PHP Exceptions and errors
  * Content-Security-Policy prevents External Links from being opened
  * Prevent runtime memory issues by increasing memory limit
  * Improve SNMPv3 handling
Version: 1.2.11-bp151.4.6.1
* Sat Apr 11 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.11:
  * security fixes and hardening (boo#1169215)
    + Add SameSite support for cookies
    + Cookie should be properly verified against password
    + CSRF at Admin Email
    + Improper Access Control on disabling a user
    + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
  * a number of bug fixes
  * feature additions
    + Allow system uptime to be a variable for use with graphs
    + Add Refresh Interval to Data Collectors display
    + Add Location based filtering
    + Allow for Purging of Data Source Statistics from the GUI
    + Restore ability to duplicate a data profile
    + Enhance table navigation bars to support systems with larger number of items
    + Increase length of Graph Item 'value' field to support pango-markup better
    + Allow Basic Auth Accounts to be mapped by CSV file
    + Make form elements under checkbox_groups flow using flex grid style
    + Set the domain attribute to secure cookies for the 'remember me' option
    + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 Paolo Stivanin <info@paolostivanin.com>
- cacti 1.2.10:
  * CVE-2020-8813: when guest users have access to realtime graphs,
    remote code could be executed (boo#1164675)
  * When using User Domains, global template user is used instead of
    the configured domain template user
  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
    arguments
  * many bug fixes
Version: 1.1.38-bp150.2.4
* Mon Apr 16 2018 liedke@rz.uni-mannheim.de
-Build version 1.1.38
  - issue#1501: cmd.php poller not stripping alpha from snmp get values
  - issue#1515: Special characters not rendered properly in settings
  - issue#1530: Inconsistent behaviour handling blank Field Name/Value
    when editing data query suggested values
  - issue#1537: Numeric validation not ignoring blank elements
* Mon Mar 26 2018 liedke@rz.uni-mannheim.de
- Change minimum php version to 5.4
-Build version 1.1.37
  - issue#274: Allow Realtime Graph Popup Mode
  - issue#1405: When Data Query columns are wide, they cause rendering
    issues
  - issue#1414: DSSTATS reports incorrectly that a data source does not
    exist
  - issue#1419: Filtering log results in errors in the log
  - issue#1420: PHP NOTICE editing cdef and vdef items
  - issue#1421: CLI upgrade_database.php PHP Warning on execution
  - issue#1426: Remote poller erroring attempting to verify files
  - issue#1432: Delete confirmation does not disappear
  - issue#1443: Partial Save warnings under Settings -> Mail/Reporting/DNS
  - issue#1447: CLI audit_database.php not detecting database name, and
    failed to create audit tables when run fresh
  - issue#1453: CLI add_graph.php not allowing title to be set
  - issue#1456: Increase minimum php version maintaining support for RHEL6
  - issue#1457: Path-Based Cross-Site Scripting (XSS) issues
  - issue#1458: Error in logs when creating new graphs
  - issue#1459: Automation filter not applied correctly
  - issue#1461: Setting output_format on input type causes no values to be
    returned
  - issue#1464: Poller stuck in infinitely loop causing excess logging
  - issue#1466: No scrollbars in mobile browsers
  - issue#1468: Increase max length of host.snmp_sysObjectID column
  - issue#1471: Undefined function found in global_languages.php
  - issue#1472: Change Device Options - Style needs updating
  - issue#1474: Check possibility for creation of temporary tables on install
  - issue#1487: Undefined constant in ldap.php
  - issue#1483: Create New Graphs - Paw Styling Issue
  - issue#1493: Can't create tree branches with '#' sign
  - feature#1489: Add ability to use parts of OID as value via regex
  - feature: Updated Chinese Simplified translations
  - feature: Updated Dutch translations
  - feature: JavaScript library Chart.js updated 2.7.2
  - feature: Allow snmp formatting functions to detect UTF-8 output
* Mon Feb 26 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.36
  - issue#934: Template names missing in graph management list
  - issue#1211: CDEF and VDEF Item Edit do not use correct procedures
  - issue#1250: Language support does not support localization properly
  - issue#1331: Log Rotation should occur at midnight on system
  - issue#1334: Console->Users->(Edit) Permissions checkmark descriptions
    missing
  - issue#1336: Debian test suite reports php error
  - issue#1338: Allow automation to be run in debug mode from GUI
  - issue#1339: First graph of second page does not render
  - issue#1340: Unable to open Time Graph View in new tab
  - issue#1348: Toggle context menu of Zoom
  - issue#1351: Errorimage does not render on systems without GD ttf support
  - issue#1353: New installation without config.php silently throws errors
  - issue#1355: Single tree can have the order of the tree changed
  - issue#1357: Data Profile disable fields shown temporarily as editable
  - issue#1359: Settings page generates error for removed plugin tab
  - issue#1362: DSStats Avg/Peak function broken due to change in RRDtool
    processing
  - issue#1365: Plugin Management enforce folder name
  - issue#1366: Improve error/info message display
  - issue#1380: Potential failure when updating script type
  - issue#1384: When installing/enabling plugins, current user and admin should
    get permissions
  - issue#1386: form_selectable_cell() ignores width if no style_or_class is
    passed
  - issue#1389: Poller is including plugins that are not installed
  - issue#1390: Plugin uninstall should prompt user before removal
  - issue#1396: Prevent installation/uninstallation of a plugin if dependency
    is present
  - issue#1397: Distinguish between plugin tabs and core tabs in settings
  - issue: Allow dynamic setting of from name when emailing
  - issue: Data Query Cache filter layout more consistent
  - issue: Minor plugin permissions format change
  - issue: Implementation of error handling causes errors creating New Graphs
  - issue: Deprecated DDStats setting removed
  - issue: Graph context menu items are now context aware
  - issue: Validate spine path before allowing enabling of spine
  - issue: Errored settings fields now highlighted correctly on error
  - issue: Add the Default Device to the Default Tree at install time
  - issue: Secpass password verification error message unuseful
  - feature: Searching of SNMP Index in View Data Query Cache now works
  - feature: Presets now have default device Template
  - feature: JavaScript library c3.js updated (v0.4.21) / jstree.js (3.3.5)
  - feature: PHPSecLib updated 2.0.10
  - feature: Updated Dutch translations
* Mon Feb 12 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.35
  - issue#114: *all_max_peak* percentile calculations incorrect
  - issue#430: Pressing Back often fails to work as expected
  - issue#564: Fail to move items in graph template as desired
  - issue#981: Hyperlinks for Data Profile stats
  - issue#993: Realtime not working on remote pollers for certain data query
  - issue#1244: Errors importing templates with deprecated hashes
  - issue#1251: Allow zoom out through mouse mmiddle button
  - issue#1281: Max OIDs setting is for bulkget and not bulkwalk operations
  - issue#1286: Correct CHUNKED_ENCODING error when retrieving graph with
    some browsers
  - issue#1306: Graphs are not always refreshed properly
  - issue#1309: Provide meaningful authentication errors in graph_json.php
    and graph_image.php
  - issue#1310: Return button fails on change password page
  - issue#1315: Realtime not working on local data collector
  - issue#1316: CDEF Item Value dialog does not update creating items
  - issue#1319: Front end + remote poller - connection timeout issue
  - issue#1321: Use RRDtool pipelining functions within DSSTATS
  - issue#1323: Enhance form layout for readability
  - issue#1329: Spelling errors in automation_networks.php
  - issue: Validate regular expressions if specified in add_graphs.php
  - issue: Ensure compression levels are consistent when importing package
* Tue Feb 06 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.34
  issue#1040: PHP version 7.2 - ERROR PHP WARNING: sizeof()
  issue#1195: Improved Javascript error message handling
  issue#1245: Unable to reorder graph name suggested values
  issue#1256: Error reporting of custom errors not displayed correctly
  issue#1257: Boost excessively logging updates
  issue#1258: cacti.sql updated to match expected schema
  issue#1260: Tab images fail to render due to TrueType support in PHP GD Module
  issue#1261: Automatic logout timeout does not apply to web basic authenication
  issue#1263: CLI utility to validate database schema
  issue#1266: Inconsistent usage graphWrapper CSS causes odd graph zoom behavior
  issue#1268: Regex filters not working properly
  issue#1274: Host CPU script checks value existance to avoid error
  issue#1275: SNMP v3 authPriv fails to work
  issue#1287: JSON calls return validation error in HTML format
  issue#1289: Script Server should output parameter array rather than parameters
  issue#1292: Chrome to aggressively caches Javascript files
  issue#1293: Correctly identify if command 'snmpbulkwalk' is available
  issue#1296: CactiErrorHandler does not ignore PHP suppressed errors
  issue#1300: Automation discovery : New devices added by automation discovery
    have empty SNMP community field
  issue#1302: Automatic logout should not be enforced on login page
  issue#1304: mib_cache.php file contains unsafe transactions for binary logging
  feature: CLI utilily to generate and verify file hashes for installed Cacti
    files
  feature: Logging links back to appropriate areas for troubleshooting
  feature: Logging lists filenames in reverse order
* Tue Jan 23 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.33
  - issue#1253: Automatically generated RRDtool DEF names in Cacti
    1.1.32 break existing Graph Templates
* Mon Jan 22 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.32
  - issue#969: Undefined index: color_id / task_item when viewing graphs
  - issue#1166: Fix typo of 'locale' in global_languages.php
  - issue#1222: Graphs with large number of items causes RRDTool to error
  - issue#1230: PHP Fatal error: Call to undefined function
    get_max_tree_sequence()
  - issue#1238: SNMP functions fail to handle "Invalid object identifier"
    error
  - issue#1239: Browser console error in layout.js
  - issue#1240: Page layout issues caused by library update
  - issue#1246: Make SNMP Error return more info
  - issue: Missing or corrupted theme files can corrupt user settings
  - issue: Theme may not change until next login
  - issue: Tree edit Tree/Device/Graph drag areas incorrect
  - issue: Make callback error handling compatible with jQuery 3.x
  - issue: Ensure the snmp_error is cleared before every call
  - issue: Indicate unknown error when RRDTool returns no error message
  - feature: Update Javascript library: js.storage.js, d3.js, jquery.js,
    jquery.tablednd.js, jquery.timepicker.js
* Wed Jan 17 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.31
  - issue#629: Site reload after delete the last letter in the searchbar
  - issue#1022: Discovery network stuck in "running" state does not
    return results
  - issue#1164: Version compare function fails on major/minor only
    versions
  - issue#1166: Invalid New User default language selection
  - issue#1175: Automatic logout inconsistent redirect
  - issue#1179: Warn during installation if installing moving to older
    version
  - issue#1183: Automatically detect missing Theme and use alternate
  - issue#1185: Layout with Graphs having large number of data columns
  - issue#1189: Allow ability to sort tree list by name asc/desc
  - issue#1190: Enabling, Disabling, Uninstalling plugin, you should
    page refresh
  - issue#1191: Tree sequences were not set or checked
  - issue#1197: Add more collection intervals to Data Source Profiles
  - issue#1206: Display issue with internationalization number format
  - issue#1210: CDEF and VDEF Items can not be properly edited
  - issue#1212: Navigation breadcrumbs fail to handle External links
    correctly
  - issue#1213: PHPMailer trying TLS despite SMTPSecure setting
  - issue#1215: Show version when installation prompts for license
  - issue#1217: Add ability to view/edit Input/Query when editing
    Data Template
  - issue: Named colors fail to import on install or upgrade
  - issue: Drag and Drop issues on multiple pages could corrupt
    sequencing
  - feature: Enhance filter to permit more glyphs for table headers
  - feature: Add a page refresh dropdown to the Automation Networks
  - feature: Enhanced SNMP v3 input forms
  - feature: Allow Trees to be rearranged using Drag and Drop
  - feature: Trap GUI callback errors and present error message
* Thu Jan 04 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.30
  - issue#1155: Non-secure mail setting not functional due to changes
    in phpmailer
  - issue#1157: Resolve issue with branch permission api
  - issue#1158: Change CLOG to use regex replacement so line details
    are not mangled
  - issue#1161: Graph View regex's are not preserved during automatic
    page refresh
  - issue#1162: Error messages are not display when editing a user
  - issue#1166: Default language was not correctly set when editing a
    user
  - issue: basename function undefined during upgrade to 1.0.x
  - issue: Storage API and translations required for Change password
    function
  - issue: ALTER IGNORE still throws an error when attempting to drop
    the primary key
  - issue: Data Source profile form API generates error when system is
    half upgraded
  - issue: Resolve issue with importing packages
  - feature: Update package versions for Cacti version 1.1.29
* Wed Dec 27 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.29
  - issue#871: Allow Nth Percentile and Bandwidth Summation to respect
    'Base Value' in template
  - issue#965: Duplicate error message and incorrect error code when
    using LDAP authentication
  - issue#1084: Graph Tree Branch not properly populating when editing
    report item
  - issue#1104: Datetime formatting in developer debug mode incorrect
  - issue#1106: Template Filters has empty row
  - issue#1109: URL used in redirection when referrer already has
    parameters in it
  - issue#1110: Add CPU Total to 'SNMP - Get Processor Information'
  - issue#1111: PHP NOTICE when using LDAP authenication
  - issue#1116: Filters not allowing "None" or "All" when editing
    report item
  - issue#1119: Reduced amount of data fetched for CPU usage to just
    the data used
  - issue#1121: Bandwidth summation not using correct locale
  - issue#1122: Fix issue with local login / potential password problems
  - issue#1128: Resolve php warning when raising messages
  - issue#1130: Fix logging level issue where logs of same level as setting
    where not logged
  - issue#1131: Make upgrade_database.php use same version compare as
    /install/ system
  - issue#1133: Fix issues with variable name and debug log
  - issue#1141: When viewing graphs from list view, pagination causes list
    view filter to be cleared
  - issue#1143: ss_host_cpu.php - Division by zero / Invalid Return Value
  - issue#1146: Installation now checks URI path matchs with configuration
    option URL_PATH
  - issue: Updated Graph pagenation and filter reset
  - issue: Resolve issues with cacti_version_compare() processing
  - issue: Zoom context menu stays open after zoom out actions
  - issue: Paginator object was not always translated
* Mon Nov 20 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.28
  - issue#958: User Group Tree permissions not calculated fully
  - issue#959: Issue viewing email reports due to email client
    decoding problems
  - issue#992: RRDfile naming issues that result from random sorting
    during export
  - issue#1012: Issue where disabled devices will not appear in
    Tree editor
  - issue#1044: Handle invalid exclusion regex properly when viewing
    the log
  - issue#1045: Issue with multiple pages and confirmation dialogs
  - issue#1048: Problem importing vdefs from templates
  - issue#1053: Remote Data Collector now works with https and self
    signed certificates
  - issue#1055: Errors in data source statistics inserts when invalid
    output is encountered
  - issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool
    functions boo#1067166
  - issue#1058: ICMP Ping to and IPv6 address fails to gather data for
    ping latency
  - issue#1059: Aggregate item filter should use regular expressions to
    avoid SQL errors due to flawed filter logic
  - issue#1064: When a Device Template is removed, Automation Templates
    for that Device Template remain
  - issue#1066: CVE-2017-16660 in remote_agent.php logging function
    boo#1067164
  - issue#1066: CVE-2017-16661 in view log file boo#1067163
  - issue#1071: CVE-2017-16785 in global_session.php Reflection XSS
    boo#1068028
  - issue#1074: Boost records get stuck in archive
  - issue#1079: Undefined index in lib/snmpagent.php
  - issue#1085: Undefined function html_log_input_error
  - issue#1086: Rerun data queries in automation process has no effect
  - issue#1087: cli/add_device.php --proxy option does not work with non-snmp
    devices
  - issue#1088: Set timeout for remote data collector context
  - issue: Minor performance increase in boost processing
  - issue: Poller output not empty not processed correctly on Log tab
  - feature: Timeout to the remote agent for realtime graphs
  - feature: Updated Dutch translations
  - feature: Database update adding additional indexes for increased
    performance
  - feature: Updated PHPMailer to version 5.2.26
  - feature: Updated phpseclib to version 2.0.7
* Mon Oct 23 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.27
  - issue#1033: Issues inserting into dsstats table due to legacy data
  - issue#1039: Using html_escape still double escapes.  Use strip_tags
    instead
  - issue#1040: Resolving compatibility issue with PHP7.2
* Mon Oct 16 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.26
  - issue#841: --input-fields variable not working with add_graphs.php
    cli
  - issue#986: Resolve minor appearance problem on Modern theme
  - issue#989: Resolve issue with data input method commands loosing
    spaces on import
  - issue#1000: add_graphs.php not recognizing input fields
  - issue#1003: Reversing resolution to Issue#995 due to adverse impact
    to polling times
  - issue#1008: Remove developer debug warning about thumbnail validation
  - issue#1009: Resolving minor issue with cmd_realtime.php and a changing
    hostname
  - issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS)
  - issue#1027: Confirm that the PHP date.timezone setting is properly set
    during install
  - issue: Fixed database session handling for PHP 7.1
  - issue: Fixed some missing i18n
  - issue: Fixed typo's
  - feature: Updated Dutch translations
  - feature: Schema changes; Examined queries without key usage and
    added/changed some keys
  - feature: Some small improvements
- Build version 1.1.25
  - issue#966: Email still using SMTP security even though set to none
  - issue#995: Redirecting exec_background() to dev null breaks some
    functions
  - issue#998: Allow removal of external data template and prevent their
    creation
  - issue: Remove spikes uses wrong variance value from WebGUI
  - issue: Changing filters on log page does not reset to first page
  - issue: Allow manual creation of external data sources once again
  - feature: Updated Dutch translations
* Mon Sep 18 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.24
  - issue#932: Zoom positioning breaks when you scroll the graph page
  - issue#970: Remote Data Collector Cache Synchronization missing
    plugin sub-directories
  - issue#980: Resolve issue where a new tree branches refreshs before
    you have a chance to name it
  - issue#982: Data Source Profile size information not showing properly
  - issue: Long sysDescriptions on automation page cause columns to
    be hidden
  - issue: Resolve visual issues in Classic theme
  - feature: Allow Resynchronization of Poller Resource Cache
* Tue Sep 12 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.23
  issue#963: SQL Errors with snmpagent and MariaDB 10.2
  issue#964: SQL Mode optimization failing in 1.1.22
- Build version 1.1.22
  issue#950: Automation - New graph rule looses name on change
  issue#952: CSV Export not rendering chinese characters correctly
    (Second attempt)
  issue#955: Validation error trying to view graph debug syntax
  issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO
    corrupts Cacti database
  issue: When creating a data source, the data source profile does
    not default to the system default
  feature: Enhance table filters to support new Cycle plugin
  feature: Updated Dutch Translations
* Tue Sep 05 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.21
  issue#938: Problems upgrading to 1.1.20 with one table alter
    statement
  issue#952: CSV Export not rendering chinese characters correctly
  issue: Minor alignment issue on tables
- Build version 1.1.20
  issue#920: Issue with scrollbars after update to 1.1.19 related
    to #902
  issue#921: Tree Mode no longer expands to accomodate full tree
    item names
  issue#922: When using LDAP domains some setings are not passed
    correctly to the Cacti LDAP library
  issue#923: Warninga in cacti.log are displayed incorrectly
  issue#926: Update Utilities page to provide more information on
    rebuilding poller cache
  issue#927: Minor schema change to support XtraDB Cluster
  issue#929: Overlapping frames on certain themes
  issue#931: Aggregate graphs missing from list view
  issue#933: Aggregate graphs page counter off
  issue#935: Support utf8 printable in data query inserts
  issue#936: TimeZone query failure undefined function
  issue: Taking actions on users does not use callbacks
  issue: Undefined constant in lib/snmp.php on RHEL7
  issue: Human readable socket errno's not defined
  issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still
    not work till php 5.5.4
* Mon Aug 21 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.19
  issue#810: Scripts in packages don't match distribution
  issue#919: Unable to upgrade to 1.1.18
  issue: Update documentation for minimum PHP 5.4
- Build version 1.1.18
  issue#902: Correcting some issues with Console and External Links
  issue#903: Upgrade pace.js to v0.7.8
  issue#904: Allow user to hide Graphs from disabled Devices
  issue#906: Create a separate Realm for Realtime Graphs
  issue#907: XSS issue in spikekill.php
    CVE-2017-12927 bsc#1054390
  issue#910: Boost last run duration generates an error on new install
  issue#914: Unable to purge Cacti logfile from System Utilities
  issue#915: Non-numeric data in ss_host_disk.php
  issue#916: Resolve display of errors when encountering ldap issues
  issue#918: Minor XSS and create generalized escape function
    CVE-2017-12978 bsc#1054742
  issue: Resolve JavaScript errors on Login page
  issue: Resolve JavaScript errors on Permission Denied pages
  issue: Graphs tab would appear in non-classic even if you did not
    have permissions
  feature: Updated dutch translations
* Tue Aug 15 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.17
  issue#450: List View to Preview shows no results
  issue#486: Export Device table results to CSV
  issue#544: Allow Log Rotation to be other than Daily
  issue#673: Downtime/Recovery time/date is set incorrectly
  issue#819: Customized timespans for graphs
  issue#888: Rebuilding Poller Cache when External data sources are
    present results in false positive warnings in the log
  issue#891: Database.php unable to connect to MySQL when using port
    different than 3306
  issue#893: Warning messages when duplicating CDEF objects
  issue#897: Due to browser use of special key, deprecate ctrl-shift-x
    for clearing filter
  issue#898: Issue with tcp and udp ping due to file description
    allocation changes
  issue: Unable use ipv6 ip addresses for snmp ping in the Cacti GUI
  issue: Update language of the Rebuild Poller Cache menu pick
  issue: Broken design for input controls with Sunrise theme
  issue: Timespan switching not switching to Custom in Preview Mode
  issue: Log rotation would not occur under certain conditions.
    Provide more control over log functions
  issue: Purge log file always purged the cacti.log, not the selected
    log
  issue: Unable to view graphs for errored data sources from Cacti log
* Tue Aug 01 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.16
  issue#865: Escape Data Query arguments to prevent issues with
    special characters
  issue#872: Can't add device items to graphs generated with no
    device and no template
  issue#875: When modifying Realm permissions, realms that are
    listed multiple times don't stay in sync
  issue#877: Improving resolution to issue#847 and one additional
    vulnerability
    CVE-2017-12065 bsc#1051633
  issue#878: Ambiguous language in purge log function
  issue#879: SQL Error when adding a report item to a report
  issue#880: Device drop down is limited to 20 devices and lacks
    a scroll bar
  issue#885: Graph generated with no device and no graph template
    forgets device definitions
  issue#886: Unable to export templates other than Device templates
  issue: Address additional corner cases around get_order_string usage
  issue: Data Queries sharing a Data Source can result in poller
    output table not empty errors
  issue: Fix Sunrise theme to properly theme multiselect widgets
  issue: Increase height of multiselects so that more options are
    visible
  issue: When a graph is locked, anchor tags are still functional
* Mon Jul 24 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.15
  - issue: PHP Fatal Exception on upgrade from 1.1.11 or earlier
  - feature: Added test to detect install upgrade code problems