* Sat Feb 15 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.9:
* CVE-2020-7106: Lack of escaping on some pages could lead to XSS
exposure (boo#1161297)
* CVE-2020-7237: Remote Code Execution due to input validation
failure in Performance Boost Debug Log (boo#1161297)
* many bug fixes
* Sun Feb 02 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.8:
* CVE-2019-17357: When viewing graphs, some input variables were
not properly checked (SQL injection possible) [boo#1158990]
* CVE-2019-17358: Unsafe deserialisation of data [boo#1158992]
* When using HTTPS, secure cookie to prevent potential weakness
* various bug fixes
* Thu Oct 17 2019 Richard Brown <rbrown@suse.com>
- Remove obsolete Groups tag (fate#326485)
* Mon Sep 30 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Build version 1.2.7
- security#2964: CVE-2019-16723 Security issue allows to view all graphs
- issue#1181: When opening the Scheduler, it may appear off screen when
opened near the bottom of a window
- issue#2894: When using Remote Data Collectors, database information and
recommendations may show Incorrect values
- issue#2895: When using data sources from different RRDs, Percentile
calculation may be incorrect
- issue#2899: When displaying a form, variable substitution may not always
work as expected
- issue#2922: When running a data query, the result may come back as undefined
- issue#2925: When using consolidation functions, retrieving the first step
can cause errors
- issue#2926: When editing a graph, variable validation errors may prevent
changes from being saved
- issue#2929: Boost performance may become poor even in single server mode
- issue#2930: RRDtool can generate errors to standard output which can corrupt images
- issue#2932: When RRDTool generates an error creating an image, it is not
always reportedly properly
- issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
- issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect
location for DB upgrade scripts
- issue#2940: Images are not always properly sized until the page size changes
- issue#2949: Order icons may not be properly aligned
- issue#2951: Allow legends to be modified for Aggregate Graphs
- issue#2958: Drop down autocomplete lists do not always open as expected
- issue#2961: When syncing device templates, undefined function may be raised
- issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
- issue#2966: Realtime popup windows do not always honor settings
- issue#2967: When using Spikekill, gap and range fill are not operating as expected
- issue#2970: When a user edits their profile, buttons may appear as unusable whilst
still being enabled
- issue#2973: User menu does not always display properly on mobile devices
- issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes'
set but not found in data source
- issue#2975: Datasource Debug does not properly handle European numbers in
certain circumstances
- issue#2976: Boost messages should be stored in their own log file
- issue#2977: Data updates with past timestamps can cause boost errors
- issue#2978: Moving hosts between data collectors is slow
- issue#2979: Multi Output Fields are not parsed correctly
- issue#2984: When checking SQL fields, value was not always primed
- issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
- feature#2943: Allow all Data Queries of a device to be re-indexed at once
- feature#2952: If device is down or threshold breached, highlight in tree view
- feature#2985: Update phpseclib to 2.0.23
* Mon Sep 02 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Build version 1.2.6
- issue#2794: Graph template not saved on graph edit
- issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation
- issue#2829: PHP recommendations always see memory limit as unlimited
- issue#2830: Disabled Top/Bottom external links should not be displayed
- issue#2832: Install/Upgrade log does not show anything
- issue#2833: Undefined index can occur when data source does not have an
snmp_index
- issue#2834: Boost performance drops on very large systems
- issue#2835: When creating graphs and inneficient query is causing long
creation times
- issue#2837: Sunrise theme does not render checkboxes 100% correctly
- issue#2838: jQueryMultiselect does not match upstream due to forking
- issue#2839: Non regular expression search filters don't support international
characters
- issue#2841: Total count is wrong after searching for External Link pages
- issue#2843: DSStats reruns Daily Aggregation every minute
- issue#2844: Autocomplete settings for passwords are not properly defined
- issue#2845: Data Template can't be edited when it is in use
- issue#2846: Allow tooltips for section headers with 'question' icon
- issue#2847: Permanently convert an Aggregate to a regular graph
- issue#2848: Aggregate graphs get clipped due to incorrect date range
- issue#2856: Aggregate issues with very long RRDtool command lines
- issue#2857: When trying to find the best index to use, a 'must implement
Countable' warning appears
- issue#2860: When testing remote poller connections during install, undefined
variable warning can occur
- issue#2862: Automation does not calculate network information correctly for
single hosts
- issue#2866: Add poller ID to subject for admin notifications
- issue#2869: When creating aggregates from Graphs, JavaScript issues can occur
- issue#2872: Add support for MySQL 8 and use of grouping as name for a column
- issue#2875: Undefined variable when removing spikes in some cases
- issue#2877: When attempting to send report, undefined function 'get_tinespan' messages appear
- issue#2878: Function get_magic_quotes_gpc() is now deprecated in PHP 7.4
- issue#2879: Switching from authPriv to authNoPriv produces error when saving
- issue#2884: Replication continues to occur when poller has been disabled by sysres-dev
- issue#2891: Script server script ss_fping.php generates error when not called
by script server
- issue#2895: Percentile calculation is incorrect on Graphs with multiple Data
Sources from different RRDs
- issue#2901: Poller overrun warning message is badly worded
- issue#2902: Mailer incorrectly reports it is sending to noone
- issue#2903: PHP recommendations can generate a warning causing JSON issues
- issue#2905: Sorting plugins by version can lead to unexpected ordering
- issue#2907: SSL column for multiple pollers can be incorrectly set causing SQL errors
- issue#2908: When URL_PATH is blank, it should assume that it is '/'
- issue#2909: Correct usage of affect vs effect in strings
- issue#2910: Can not show user menu when in portrait mode on mobile devices
- issue#2911: Graph variables are not always encoded to JSON properly resulting in warnings
- issue#2912: Navigation cache can sometimes be corrupted resulting in a non-array value
- issue#2913: When adding new graphs, the type of graph is not remembered
- issue#2917: Action icons next to graphs can sometimes become unselectable due to zoom
- issue#2919: When refreshing menu, selected items are sometimes lost and submenu
items can become hidden
* Tue Aug 20 2019 kukuk@suse.de
- BuildRequire cron as this contains now the cron directories
* Tue Jul 16 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Build version 1.2.5
- issue#1978: Popup Menus can appear off screen when using Graph Thumbnails
- issue#2282: Installation wizard does not detect RRDtool version correctly
- issue#2524: When editing a tree, Drag and Drop of Devices does not always
work as expected
- issue#2573: Associated Graph Template for Data Query can sometime disappear
- issue#2656: GPRINT text_format does not replace Data Query and Host Fields
- issue#2661: Automation does not always calculate network range/subnet correctly
- issue#2663: Some legacy Data Queries can not determine their index order
causing broken graphs
- issue#2674: Large strings can sometimes cause language translation can fail
- issue#2719: Automation may sometimes create empty graphs
- issue#2721: When replacing '|input_xxxx|' strings, undefined index can occur
- issue#2722: Calls to _db_replace() are not consistent resulting in warnings
- issue#2723: When replicating to remote pollers, Undefined Variable errors may be seen
- issue#2724: When graphing HRULE items, 'Only Variables should be passed by
reference' error may be seen
- issue#2725: When viewing logs in utilities, filenames should be limited the same as clog
- issue#2726: During Automation logging, include the Rule ID that triggers
the creation of an item by xmacan
- issue#2732: When using basic authentication, automatically strip any @domain information
- issue#2734: Allow non-english labels to be used on Graph Templates
- issue#2727: When using Polling Hosts Template, warnings can be issued when
CMD.PHP is the poller
- issue#2733: When processing SNMP data, space delimited hex strings do not
always convert into MAC addresses
- issue#2735: Mouse cursor should show as default pointer if column is not sortable
- issue#2736: When using MySQL 8 or above, 'function' is considered a reserved word
unless quoted by xmacan
- issue#2741: Various errors can occur due to undefined or incorrect variable names
- issue#2742: Various errors can occur due to undefined or incorrect variable names
- issue#2743: Attempts to close a tooltip when no tooltip has been set may cause errors
- issue#2744: When changing password, undefined index error can occur if user is not logged in
- issue#2748: If PHP location setting is invalid during install/upgrade, this
should be notified on modules page
- issue#2750: When performing multiple sort, highlighting of content occurs
- issue#2751: When editing a Tree, display filter may not allow 'All' option to work
- issue#2752: When running verbose query on device, you are unable to copy text from items
- issue#2753: Unable to copy entire verbose query using clipboard command
- issue#2757: Page Navigation can be subject to XSS injection
- issue#2758: Various sensitive directories are browsable if web server directory browsing is enabled
- issue#2760: Unable to add items into a report
- issue#2762: Creating an aggregate graph can sometimes fail due to unknown RRD tools error
- issue#2766: When modifying Aggregate Templates, changes are not always cascaded to Graph
- issue#2768: Aggregate Graphs may sometimes show the wrong row count
- issue#2770: ItemType is not updated when saving Report Items
- issue#2772: Add tooltip support to html_header() and html_header_checkbox()
- issue#2775: Remote pollers may sometimes fail to replicate data back to main system
- issue#2777: Attempting to edit a non-existent report generates an error
- issue#2778: When rendering graphs, resizing can sometimes occur repeatedly
- issue#2779: On new installations, automation rules for Interface Graphs are broken
- issue#2780: Upgrade database script not actually upgrading Cacti
- issue#2782: When replicating the syslog plugin, the configuration file is ignored causing errors
- issue#2783: When limiting the number of displayed characters, international characters
may sometimes display incorrectly
- issue#2784: When removing a device with graphs but no data sources , errors are generated
- issue#2785: When editing a graph rule, warnings incorrectly appear about unsaved changes
- issue#2792: When a checkbox 'friendly name' has a comma, checkbox functionality stops working
- issue#2797: When upgrading from before 1.x, SuperLinks view permissions may not be correct
- issue#2799: Under heavy use of Real Time Graphs, SQL errors may start appearing
- issue#2800: When editing a tree, using a comma in the search field stops search from working
- issue#2802: If a Device lacks ifName, an alternative field is not always found even if available
- issue#2807: When editing a Data Template that has dependant graphs, some attributes
should not be modifiable
- issue#2808: When navigating a tree, the layout may unexpectedly move
- issue#2814: When viewing the utilities page, HTML tags may be seen rather than rendered
- issue#2816: When viewing logs, paging does not always working correctly
- issue#2818: Automation can sometimes incorrectly add duplicate devices with the same sysname
- issue#2820: When path is blank, is_resource_writable() will generate 'Uninitialized string offset: -1'
- issue#2821: When the desired locale can not be located, a number format issue may occur
- feature#2728: Update phpseclib to 2.0.17 by DavidLiedke
- feature#2809: Update c3.js & d3.js by DavidLiedke
- feature#2730: Update jstree.js to 3.3.8 by DavidLiedke
- feature#2754: Allow Devices, Graphs and Data Sources to be searched by ID
- feature#2765: When editing a tree, allow cascading selection of available graphics
- feature#2805: Merged plugins are not always upgraded correctly
- feature#2823: Enhance the splice_rrd.php to be able to merge RRDfiles of differing step
* Thu Jun 13 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Build version 1.2.4
- issue#2523: Send A Test Email stops working under PHP 7.3
- issue#2589: Missing RRD file can cause DSSTATS to throw errors
- issue#2590: When installing, chosen language is sometimes lost
- issue#2591: Menu selection does not always match selected page/section
- issue#2592: When viewing an aggregate graph, 'Display graphs from this aggregate'
option does always not work
- issue#2593: Unable to migrate aggregate graphs to matching aggregate template
- issue#2598: Creating an aggregate graph without associated template causes
RRDtool error
- issue#2599: Creating/Updating an Aggregate Graph to use LINE/STACK's
generates invalid SQL statements
- issue#2604: When adding a dataquery, SQL errors can be generated
- issue#2605: When installing, checking database tables can cause errors
- issue#2608: db_update_table() function should not require an engine type or comment
- issue#2609: When updating from earlier than 1.2, timezone column might not exist
- issue#2610: Data Sources troubleshooter generates warning that each()
function is deprecated
- issue#2612: When RRDtool fails to initialize, DSStats generates lots of warnings
- issue#2618: ifAdminStatus in snmp_queries/interfaces.xml
- issue#2621: File paths that accept blanks are not allowing blanks
- issue#2622: Various undefined variables generate errors within database.php
- issue#2623: When using form_text_area(), invalid HTML can be generated
- issue#2627: Some filenames can be lost in log file selection list
- issue#2629: When upgrading, ldap library is not loaded properly due to incorrect paths
- issue#2632: Automated Networks are not being properly replicated to additional pollers
- issue#2635: When running automation scans, database connection should be
forced to central database
- issue#2638: Support disabling PHP SNMP extension by mhoran
- issue#2645: Some URLs are incorrectly calculated
- issue#2649: Automation not creating graphs when there are custom items
- issue#2650: Several undefined variables are generating warnings
- issue#2662: HRULE objects broken in some cases
- issue#2668: Trailing parentheses are removed from the SNMP system description
- issue#2672: Cacti Install on Windows Fails
- issue#2676: Skin paper plane not working on iPhone XR
- issue#2678: Call to undefined function _() in data_queries.php
- issue#2679: Users with passwords that do not meet complexity requirements are
not redirected to the Change Password page
- issue#2680: Remove deprecated $php_errormsg usage
- issue#2689: Increase boost maximum memory limits
- issue#2693: Graph links do not contain URL path causing links to fail
- issue#2698: Avoid duplicated icon in the main.js of all themes
- issue#2699: Login option "Show the page that user pointed their browser to"
does not work properly
- issue#2702: sqltable_to_php.php does not always generate valid table data arrays
- issue#2707: Some pages that have permission errors dont raise proper messages
- issue#2712: PHP memory should be unlimited in scripts that need more memory than the default
- issue#2713: SNMP System Description with UTF8 strings properly are not properly parsed
- issue#2718: When links are converted to ajax calls, mailto links should not be included
- issue#2720: When calculating percentiles, the value is incorrect as
the steps are not placed in correct order
- feature#2538: Allow users to change default method of removing data sources
when deleting graphs
- feature#2539: Allow users to set the default graph lock status
- feature#2540: Allow users to enable/disable graph tree history
- feature#2646: Allow application of automation rules on CLI by rb83
- feature#2654: New hook to notify plugins of user profile changes ('auth_profile_update_data')
- feature#2664: Add option to purge spikekill backups
- feature#2701: Provide option to continue graphing objects that loose their index
- feature#2704: Device and template cache do not refresh properly
* Sun Mar 31 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Remove cacti-ss_fping.patch
-Build version 1.2.3
- issue#1063: Tree View does not display the last item correctly under
'Modern' theme
- issue#2282: Install Wizard does not Detect RRDtool Version on Windows
- issue#2430: "New Device" menu item showing as selected incorrect
when "Devices" clicked
- issue#2435: Tree View becomes narrower and narrower when
expanding/collapsing nodes with long names
- issue#2449: Index incorrectly changed to 1 if the index is alphanumeric
when OID/REGEXP: or OIDVALUE/REGEXP:
- issue#2452: Missing 'getSNMPQueries()' function when calling
add_data_query.php
- issue#2453: When running add_graphs.php, cannot retrieve list of valid
snmp values
- issue#2460: sqltable_to_php.php does not export 'default' value
of columns correctly
- issue#2456: When attempting to display actions that can be taken,
having no actions caused error
- issue#2457: When creating a graph, undefined function prevents
confirmation from appearing
- issue#2459: ss_host_disk.php attempts to return an empty array
instead of a string
- issue#2463: Partial Fix: Display zombie data sources without graphs
- issue#2464: When viewing a User's effective permissions, disabled
devices should show denied
- issue#2465: Too many groups hide effective permission column when
viewing User's effective permissions
- issue#2466: Manual data source creation is broken
- issue#2469: When using Matching Objects filter within Automation
Graph Rules, unexpected redirect occurs
- issue#2471: When Creating a new Graph Template, clear the Graph
Template permissions cache
- issue#2472: Bad navigation items cause Array to string conversion errors
- issue#2474: REGEXP_SNMP_TRIM does not handle Gauge fields properly
- issue#2475: When resetting filters, multiple sort session variables do
not always reset properly
- issue#2476: When using CMD.PHP for polling, device polling time is not updated
- issue#2477: When saving a Data Input Method, Output Field name changes
to incorrect value
- issue#2478: When saving a LINEX type Graph Item, the Line Width value is
too restrictive
- issue#2479: RPN function select list should be sorted when editing
CDEF and VDEF's
- issue#2480: RRDtool versions in Cacti not granular enough
- issue#2482: When upgrading past 1.1.34, upgrade attempts to drop a
non-existing primary key
- issue#2491: Data Source Info suggests commands RRDTool can't honor
- issue#2492: When data templates are filtered by profile, data source
list does not get same filter applied
- issue#2493: Data Source Info is not separated properly
- issue#2494: User Login History is not fully enabled for translations
- issue#2497: When linking to Graphs, unless both start and end are
specified, only defaults are used
- issue#2499: Data Source reapply names does not update name from
data query or template.
- issue#2500: Allow Data Source repairs from the Data Source Debug and
Data Source Info pages
- issue#2502: Unable to have a min or max value for RRDfile at zero '0'
- issue#2503: The Cacti Statistics Device Template is not include in release
- issue#2509: When checking for correct Unicode, minimum MySQL version
is incorrect
- issue#2513: When a plugin INFO file is malformed or missing elements,
plugin_load_info_file() should fill missing elements
with defaults
- issue#2519: When editing a data query, graph template picker shows
poor performance
- issue#2518: Unexpected errors when filtering Data Sources with
invalid 'rows' value
- issue#2522: When upgrading from pre-1.0.0, colors were not upgraded
properly by Givo29
- issue#2525: Tree branches that includes sites which have valid devices
do not appear on Graph Tree
- issue#2527: When importing a package, if Cacti version is below the
version which that exported, a clear message should be shown
- issue#2531: When updating color template items, the table name used
is incorrect by Givo29
- issue#2535: Ensure Graph ListView uses same UI logic as Graph Management
- issue#2537: Incorrect title showing when changes are made to Tree
- issue#2543: Poor performance showing a device's graphs on a tree
- issue#2547: RRD values are not being properly trimmed
- issue#2551: When checking MySQL configuration values, consider ON/OFF
to be equal to 1/0
- issue#2553: When upgrading from 1.0.0 or below, renaming automation
columns can cause issues
- issue#2555: Missing configuration defaults prevent installations/upgrades
without showing reason
- issue#2563: When sorting Data Sources, missing index causes unnecessary delays
- issue#2564: Filtering for Orphan Data Sources is unreliable
- issue#2565: Pages with 500+ selectable items in a single able can
suffer from poor performance
- issue#2568: When querying for diagnostic data, devices on remote pollers
should proxy the request
- issue#2571: External Links do not properly validate user permissions
- issue#2575: Poller errors occur if a file exists that the website cannot read
- issue#2576: Spikekill API does not work when called from plugins
- issue#2578: When importing packages, missing/new resources are not created
- issue#2581: When viewing poller cache, Device SNMP community is not
properly escaped
- issue#2583: When JSON module is not installed, Installer does not
correctly show missing message
- issue#2584: When user/group permissions are reset, this is not reflected
immediately to the end user
- feature#2505: Improve performance of Data Source Statistics
- feature#2515: Allow more than one SNMP port to be specified when
adding devices via CLI
- feature: Update phpseclib to version 2.0.15
- feature: Adjust the max table rows based upon value of 'max_input_vars'
* Thu Feb 28 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Add cacti-ss_fping.patch
* Mon Feb 25 2019 David Liedke <liedke@rz.uni-mannheim.de>
-Build version 1.2.2
- issue#599: Aggregate graph templates assume AVG consolidation function
- issue#2312: Retrieving Device Information appears to fail on Safari
- issue#2317: Unabe to add new records to 'poller_time' table
- issue#2327: Memory exhausted whilst running poller replication
- issue#2334: Some browsers report JavaScript errors when switching to console
- issue#2337: When running an upgrade, the path of the log file is reset
- issue#2339: Certain characters in recipient address can cause email to fail
- issue#2343: Export hooks no longer work due to missing default keyword
- issue#2346: When listing plugin permissions, "Legacy 1.x Plugins" can appear
in the wrong cell
- issue#2347: Allow sort output to inject returned data into a specific object
- issue#2350: Unable to Select Data Source for HRULES and COMMENTS that include
nth Percentile and Bandwidth
- issue#2352: SNMP description field can sometimes contain mangled data
- issue#2354: When reindexing in Automation, titles are not updated for Graph
and Data Source
- issue#2355: Data Sources are sometimes duplicated when Custom Data is specified
- issue#2357: When indexes are incorrect, poller should log more information
- issue#2359: When upgrading, "Install/Upgrade" privilege may have been previously lost
- issue#2360: When retrieving database / table / column information, schema
name is not always applied
- issue#2362: No way to default an interface speed when ifSpeed and ifHighSpeed
come back as zero
- issue#2365: When editing Aggregate Graphs, orphaned items were not always removed
- issue#2372: Data Query reindexing leads gaps in Graphs
- issue#2376: Manually adding a device discovered by Automation causes errors to be logged
- issue#2380: Devices may experience constant reindexing
- issue#2384: When authentication method is set to None, change to Builtin as
None has been removed
- issue#2393: When reindexing a device, Graph Automation creates duplicate graphs every time
- issue#2416: SELinux wants APPEND not WRITE permission for Fedora/EPEL (RHEL, Centos)
- issue#2419: Host state time was not correctly calculated
- issue#2426: Reinstate missing plugin hooks for 'custom_logout_message' and 'custom_denied'
- issue#2431: Default value for 'Mail Method' (settings_how) is incorrect resulting in errors
- issue#2432: Undefined variable warnings when updating RRD data
- issue#2451: Drag and drop does not always function correctly
- feature: Update JavaScript library c3.js to version 0.6.12
- feature: Update phpseclib to version 2.0.14
- feature: Update PHPMailer to version 6.0.7
- feature: Update JavaScript library d3.js to version 5.9.1
* Mon Jan 21 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.1
- issue#2259: Unable to View Aggregate Graphs
- issue#2267: Remove unnecessary includes in aggregate template code
- issue#2270: Realtime Graphs consuming too much memory
- issue#2272: Site Tree Branches not showing Graphs
- issue#2273: Error when saving changes to Data Collectors
- issue#2279: SQL Errors in add_graphs.php
- issue#2280: SQL Errors in snmpagent cache table inserts
- issue#2281: Database audit cli giving incorrect results
- issue#2285: Allow HRULEs for bandwith and ptile
- issue#2292: Allow Realtime to use 1 second data collection
- issue#2298: Ambiguous Toggle Switches in Sunrise Theme
- issue#2303: Problem with "Notify Primary Admin of Issues" function
- issue#2304: Installation progress stays at 0%
- issue#2305: BOOST PROGERR: ERRNO:'8'
- issue#2311: Unable to update PHP location during installation due to
incorrect CLI environment
- issue#2319: Primary admin account not always given access to a
plugin when that plugin is enabled
- issue#2321: Date separator not being used properly for graphs
- issue#2322: Modifying plugin realm registration files and description
not supported
- issue: Installer does not identify when shell_exec()/exec() are disabled
- issue: Removing a Device or Graph Template can not be seen till next login
- issue: Visual issues with custom data when using paper-plane theme
- issue: Undefined function errors attempting to sync device templates
- issue: Plugin dependency handling inconsistant
- issue: Editing a report shows incorrect graphs from dropdown
* Fri Jan 18 2019 astieger@suse.com
- mark license files using %license macro (bsc#1082318)
* Thu Jan 03 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.0
- feature: Add a Timeout setting for Remote Agent calls
- feature: Add Graphs and Data Sources hyperlinks on Device page
- feature: Add One Minute Sampling to the default Data Source Profiles
- feature: Add support for DDERIVE and DCOUNTER to Cacti
- feature: Add Timezone support for Remote Data Collectors
- feature: Allow Adding Aggregate Graphs to a Report
- feature: Allow ASCII filepath paths to not be found on settings save
- feature: Allow drill down from Graphs to Data Queries or Templates
- feature: Allow Import/Export to be hookable
- feature: Allow snmpagent to be disabled for very large installs
- feature: Allow Top tabs to be Glyphs or Text or both
- feature: Big Spanish translation update plus massive QA fixes
- feature: Change password page provides visible confirmation of password rules
- feature: Do not allow second data source to be added to an SNMP Get data template
- feature: Don't allow removal of Data Sources from Data Template once its in use
- feature: Inform the primary Cacti administrator of problems by Email
- feature: Make all user settings dynamic and allow resetting to default.
- feature: Make Graph and Data Source suggested naming more efficient
- feature: Make it easy to find Data Query based graphs that have lost indexes
- feature: Make Top Tabs use Ajax Callback
- feature: Make tree editing responive
- feature: New Install/Upgrade user permission to limit access to being able to upgrade
- feature: Provide option to debug width errors where output exceeds column width
- feature: Removed the Authentication Method of 'None'
- feature: Tree automation is now defaulted to on for new install
- feature: Update JavaScript library c3.js to version 0.6.8
- feature: Update JavaScript library Chart.js to 2.7.3
- feature: Update JavaScript library d3.js to version 5.7.0
- feature: Update JavaScript library jquery.js to 3.3.1
- feature: Update JavaScript library jquery-migrate.js to 3.0.1
- feature: Update JavaScript library jquery.tablesorter.js to version 2.30.7
- feature: Update JavaScript library jstree.js to 3.3.7
- feature: Update JavaScript library screenfull.js to 3.3.3
- feature: Update phpmailer to version 6.0.6
- feature: Update phpseclib to version 2.0.13
- feature#289: Allow external nologin access for Realtime Graphs
- feature#553: When display a host, include Aggregated Graphs as well as standard graphs
- feature#614: Allow users to duplicate Data Input Methods
- feature#973: When creating a new user authenticated via LDAP, attempt to retrieve users
email and full name
- feature#122: Support a Site Branch Type
- feature#1060: Design Enhancement for Large scale Cacti Implementations
- feature#1142: Add Site dropdown to the Graphs and Data Source pages
- feature#1184: Improve Data Input Methods editability and message handling
- feature#1200: Aggregate Graphs can now include COMMENT
- feature#1282: Email notification for Automation Network discovery process
- feature#1347: Update automation logging to work better
- feature#1395: Ensure messages have each new line keep the same prefix in cacti_log()
- feature#1399: Allow 'requires' to include version against a plugin
- feature#1400: User settings are now dynamic and can be reset (removed) to return to global settings
- feature#1422: Automatically select the next unused data input field when clicking add on
data input method
- feature#1505: When displaying a graph, provide breadcrumb link to edit device
- feature#1527: Update Fontawesome from 4.7 to 5.0.10
- feature#1580: Support Drag & Drop for Builtin Report Items
- feature#1581: Allow Mass Adding of Graphs to Reports
- feature#1584: Allow theme selection when installing
- feature#1588: Check that PHP can run a test file
- feature#1593: Allow External links to auto refresh
- feature#1597: Ensure synchronised files have same attributes as originals
- feature#1610: On Unix, redirect error messages to log files when running external scripts
- feature#1628: Allow the User to define an initial Automation Network for discovery when installing
- feature#1670: Improve Graph Management to show type of source for a graph
- feature#1671: When duplicating a Graph Template, properly duplicate Data Query Graph Template Mappings
- feature#1677: Default Tree nodes sorting to be inherited
- feature#1691: On Graph context menu, add a 'Copy graph' option to copy graph image
- feature#1692: Separate option for logging Input Validation issues
- feature#1703: On Graph context menu, text is now multi-lingual
- feature#1708: Allow the User to override global Automation email recipients at the Automation Network level
- feature#1709: Suppress warning from RRDTool when attempting to make updates in the past
- feature#1711: Add support for SSL connections to MySQL
- feature#1731: Prevent loss of changes by warning user about unsaved items
- feature#1734: When displaying a graph, provide more information when error
image is displayed (see also #1428)
- feature#1763: Enable automatic refresh for Time Graph View
- feature#1806: Control low level debug routines via config.php (Develoepr Use)
- feature#1819: Provide CLI program to enable graphs to be removed by scripts
- feature#1969: Graph previews can now be linked using a host's external id
- feature#2006: Introduce new Data Source Profile to handle decade long graphs
- feature#2173: Introduce Device and Graph Template Caching to Speed UI
- feature#2228: Add Device ID to Device search field
- issue: Fix issue with display_custom_error_message() causing problem with system error message handling
- issue: Graph List View was not fully responsive
- issue: Move Graph removal function to Graph API
- issue: On the Data Sources page, if there is no filtered Device and a
Data Source is edited, device association is lost
- issue: Typo in Dutch translations when an error occurred while downgrading
- issue: Unable to display user profile tabs
- issue: Verify all Fields not working due to Cacti 1.x upgrade error
- issue#186: Cacti does not support jQueryUI 1.12.x
- issue#187: Remove the use of jQuery Migrate plugin
- issue#948: Do not create a new datasource when adding a new Graph for the same device/field
- issue#454: Cacti Re-Index does not resolve index changes properly during re-index
- issue#983: Import Template Preview is misleading
- issue#1097: When copying template user, newly created user should always be enabled to allow logging in
- issue#1097: When copying template user, it should be disable to prevent logging in as template user directly
- issue#1174: When display a tree, disable drag and drop unless in edit mode
- issue#1298: Display fatal error to prevent issues caused when system log is not writable
- issue#1350: When switching an Automation Tree Rule's leaf type, remove invalid Automation Rule Items
- issue#1383: CSRF Timeout does not obey session timeout
- issue#1408: Update SQL / Backtrace to use new clean_up_lines() function
- issue#1414: DSSTATS reports incorrectly that a data source does not exist
- issue#1420: Fix issues found by Debian package builds
- issue#1421: Fix issue when SQL had all bad modes, missing variable warning was generated
- issue#1426: Fix issue where remote poller was not using unique filenames when attempting to verify files
- issue#1437: Plugin install hover message sometimes shows line breaks rather than formatted text
- issue#1454: When using oid_regexp_parse, filter indexes to those that match
- issue#1473: Recovery Date overwritten by subsequent checks
- issue#1494: Unable to Deep Link/Bookmark Trees
- issue#1503: Undefined function clearstatscache in DSSTATS
- issue#1507: When saving graph settings from the graph page, the graph template id should not be included
- issue#1510: New Graphs Undefined Variable $graph_template_name
- issue#1521: Force boost to be enabled when there are Remote Data Collectors
- issue#1528: Saving a device can result in WARNINGS related to string vs array handling
- issue#1529: Allow Aggregate Graphs to Sum Bandwidth and Percentile COMMENTS
- issue#1543: Graph Preview appends header=false too many times
- issue#1553: Poller does not set rrd_step_counter correctly if no steps taken
- issue#1559: CLI Output Issues due to over escaping
- issue#1560: Warning that escapeshellarg() is escaping a null
- issue#1567: Technical support - add notification if Cacti and Spine version is different
- issue#1574: User templates are not correctly being applied
- issue#1589: Installer now checks that the temporary folder is writable
- issue#1590: User Admin generates SQL error if user is not part of any groups
- issue#1601: Aggregate Graphs can not include some classes of COMMENT
- issue#1602: PHP ERROR: Call to undefined function api_data_source_cache_crc_update()
- issue#1604: Failed to connect to remote collector
- issue#1606: Boost debug log not functional
- issue#1607: Boost next run time occurs in the past
- issue#1608: Possible boost race conditions
- issue#1609: Remote pollers update 'stats_poller' on main poller
- issue#1617: Editing a data query results in missing $header variable
- issue#1621: Realtime Popup can cause automatic logout
- issue#1626: httpd-error.log have message about Fontconfig
- issue#1634: Default snmp quick print setting resulting in false poller ASSERTS on some php releases
- issue#1651: Check temporary folder has write access during import
- issue#1655: Correct Cacti to handle new MySQL 8.0 reserved word `system`
- issue#1658: Devices drop down should be filtered by Site
- issue#1660: Reports based upon Tree don't maintain graph order
- issue#1665: Must change password not working for local users when main realm is not local
- issue#1669: Console log header grammar issue
- issue#1674: Threads and Processes values not migrated to Poller table during upgrade
- issue#1676: Allow automation discovery to add the same sysname on different hosts
- issue#1682: Slow Select Statement lib/api_automation.php
- issue#1689: Technical Support's RRDTool version should show detected RRD version
- issue#1690: Report a warning if the default collation is not utf8mb4_unicode_ci
- issue#1700: Mail sent without auth causes errors to appear in logs
- issue#1710: RRDtool create command causes first update to fail
- issue#1721: Console Side Bar not correct on first login
- issue#1723: die() messages should include PHP_EOF for better logging
- issue#1726: Poor page performance editing a Graphs Graph Items
- issue#1746: Poller with no hosts does not exit until timeout is reached
- issue#1761: Graph Management page shows bogus template names
- issue#1783: Browser Back button still does not working
- issue#1796: Import: Fixed handling of references to objects not included in file
- issue#1799: Default User log sort should be date descending
- issue#1810: Correct SQL errors with authentication set to no authentication
- issue#1839: Dummy cosmetic bug on down device selection option
- issue#1841: Data Source Stats table not properly migrated from pre 1.x Cacti plugin
- issue#1849: SNMPAgent not sending traps
- issue#1852: Reports Preview/Mails show no graphs
- issue#1889: Insecure $ENV{ENV} which running setgid
- issue#1901: Upgrade from 0.8.8h fails on external_links statement
- issue#1921: Data Query XML field method 'rewrite_index' does not correctly query for value
- issue#1926: Deselecting items should present warning or disable GO button
- issue#1948: Device Template should warn about need to re-sync
- issue#1953: set_default_action() should warn if more than one action provided
- issue#1973: SpikeKill Menu does not display properly
- issue#1976: Default admin permissions do not allow everything
- issue#1982: Certain hooks should occur within api functions rather than UI functions
- issue#2002: api_plugin_db_table_create should support non-string defaults
- issue#2012: For kernel 3.2+, "Linux - Memory - Free" should grep for "MemAvailable:", not "MemFree:"
- issue#2085: CLOG Regex Parser does not verify registered function exists
- issue#2126: api_device.php generates undefined function poller_push_to_remote_db_connect()
- issue#2127: Unable to save error when duplicating graph
- issue#2135: api_tree_lock() and api_tree_unlock() forcing redirection incorrectly
- issue#2143: export.php Illegal string offset 'method'
- issue#2144: Device Management "Status" column does not sort properly
- issue#2152: When editing a device, should show disable/enable option
- issue#2153: Utilities page issues the wrong hook for tabs
- issue#2163: LDAP functions are not consistent
- issue#2164: Login page does not remember selected realm
- issue#2171: datepicker and timepick translation not available
- issue#2178: Header/Footer included more than once
- issue#2182: Graph View missing 'html_graph_template_multiselect()' function
- issue#2184: html_host_filter() does not handle host_id consequently
- issue#2186: Boost generates invalid SQL during on demand update
- issue#2188: SNMP timeout errors are being duplicated
- issue#2191: i18n_themes is not properly primed in global_arrays.php
- issue#2202: Can't create more than one graph with add_graphs.php from one template
- issue#2207: Removing Graph Template does not Remove Data Query Associations
- issue#2217: cmd.php not handling quoted snmp values properly
- issue#2240: SNMP system Data Input Methods should not be modified on import
- issue#2241: Spike removal not functional due to Debian packaging
- security#1072: Prevent exploitation of Data Input Methods to escalate privileges (CVE-2009-4112)
boo#1122535
- security#1882: Bypass output validation in select cases
- security#2212: Stored XSS in "Website Hostname" field
CVE-2018-20724 boo#1122244
- security#2213: Stored XSS in "Website Hostname" field - Devices
CVE-2018-20726 boo#1122242
- security#2214: Stored XSS in "Vertical Label" field - Graph
CVE-2018-20725 boo#1122243
- security#2215: Stored XSS in "Name" field - Color
CVE-2018-20723 boo#1122245
Version: 1.2.25-bp154.2.9.1
* Wed Sep 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.25:
* CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082)
* CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044)
* CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045)
* CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040)
* CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047)
* CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043)
* CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042)
* CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051)
* CVE-2023-39364: redirect in change password functionality (boo#1215050)
* CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052)
* CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053)
* CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports (boo#1215081)
* CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215054)
* CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries (boo#1215055)
* CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs (boo#1215056)
* CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries (boo#1215058)
* CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources (boo#1215059)
* When rebuilding the Poller Cache from command line, allow it to be multi-threaded
* When searching tree or list views, the URL does not update after changes
* When creating a Data Source Template with a specific snmp port, the port is not always applied
* When a Data Query references a file, the filename should be trimmed to remove spurious spaces
* THold plugin may not always install or upgrade properly
* RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template
* When reindexing devices, errors may sometimes be shown
* Boost may loose data when the database server is overloaded
* Boost can sometimes output unexpected or invalid values
* Boost should not attempt to start if there are no items to process
* Rebuilding the poller cache does not always work as expected
* Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled
* When creating new graphs, invalid offset errors may be generated
* When importing packages, SQL errors may be generated
* When managing plugins from command line, the --plugin option is not properly handled
* When automating an install of Cacti, error messages can be appear
* When performing automated install of a plugin, warnings can be thrown
* Automation references the wrong table name causing errors
* Data Source Info Mode produces invalid recommendations
* Data Source Debug 'Run All' generates too many log messages
* The description of rebuild poller cache in utilities does not display properly
* When reindexing a device, debug information may not always display properly
* Upon displaying a form with errors, the session error fields variable isn't cleared
* MariaDB clusters will no longer support exclusive locks
* RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match
* Compatibility improvements for Boost under PHP 8.x
* When searching the tree, increase the time before querying for items
* Device Location drop down does not always populate correctly
* When viewing Realtime graphs, undefined variable errors may be reported
* SNMP Uptime is not always ignored for spikekills
* Improve detection of downed Devices
* When reporting missing functions from Plugins, ensure messages do not occur too often
* When starting the Cacti daemon, database errors may be reported when there is no problem
* When reporting from RRDcheck, ensure prefix is in the correct casing
* Improve Orphaned Data Source options and display
* Parsing the PHP Configuration may sometimes produce errors
* Security processes attempt to check for a user lockout even if there is no user logged in
* When attempting to edit a tree, the search filter for Graphs remains disabled
* When reindexing, a Data Source that could be un-orphaned may not always be unorphaned
* When parsing a date value, there could be more than 30 chars
* Untemplated Data Sources can fail to update due to lack of an assigned Graph
* When processing items to check, do not include disabled hosts
* When saving a Data Source Template, SQL errors may be reported
* When importing a Template, errors may be recorded
* Some display strings have invalid formatting that cannot be parsed
* When filtering with regular expressions, the 'does not match' option does not always function as expected
* When enabling a plugin, sometimes it can appear as if nothing happens
* Ensure the Rows Per Page option shows limitations set by configuration
* Plugins are unable to modify fields in the setting 'Change Device Settings'
* When reporting emails being sent, ensure BCC addresses are also included
* Improve compatibility of SNMP class trim handling under PHP 8.x
* When importing legacy Data Query Templates, the Template can become unusable
* Provide ability to raise an event when extending the settings form
* Prevent unsupported SQL Mode flags from being set
* The DSStats summary does not always display expected values
* When performing a fresh install, device classification may be missing.
* Duplication functions for Graph/Template and Data Source/Template do not return and id
* Duplication of Device Templates should be an API call
* Unable to convert database to latin1 instead of utf8 if desired
* When creating Graphs, the process may become slower over time as more items exist
* When a bulk walk size is set to automatic, this is not always set to the optimal value
* Update copyright notice on import packages
* When viewing Orphan Graphs, SQL errors may be reported
* When reindexing hosts from command line, ensure only one process runs at once
* When a Data Query has no Graphs, it may not be deletable
* When duplicating a Graph Template, provide an option to not duplicate Data Query association
* When duplicating a Data Template errors can appear in the Cacti log
* When importing a Package, previewing makes unexpected changes to Cacti Templates
* When enabling boost on a fresh install, an error may be reported
* Improve compatibility for backtrace logging under PHP 8.x
* Improve compatibility for Advanced Ping under PHP 8.x
* Provide new templates for Fortigate and Aruba Cluster to be available during install
* Provide new template for SNMP Printer to be available during install
* When importing devices, allow a device classification to be known
* Extend length of maximum name in settings table
* Extend length of maximum name in user settings table
* Data Queries do not have a Duplication function
* Upgrade d3.js v7.8.2 and billboard.js v3.7.4
* Upgrade ua-parser.js to version 1.0.35
* Update Cisco Device Template to include HSRP graph template
* New hook for device template change 'device_template_change'
* Mon Feb 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.24
* Fix: Unable to import Local Linux Machine template
* Fix multiple charting and display issues
* Compatibility changes for SNMP under PHP 8.2, and other PHP
compatibility updates
* Fix multiple issues editing settings
* timeout fixes for Basic Auth
* multiple data poller bug fixes
Version: 1.2.25-35.1
* Wed Sep 06 2023 andreas.stieger@gmx.de
- cacti 1.2.25:
* CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082)
* CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044)
* CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045)
* CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040)
* CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047)
* CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043)
* CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042)
* CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051)
* CVE-2023-39364: redirect in change password functionality (boo#1215050)
* CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052)
* CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053)
* CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports (boo#1215081)
* CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215054)
* CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries (boo#1215055)
* CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs (boo#1215056)
* CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries (boo#1215058)
* CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources (boo#1215059)
* When rebuilding the Poller Cache from command line, allow it to be multi-threaded
* When searching tree or list views, the URL does not update after changes
* When creating a Data Source Template with a specific snmp port, the port is not always applied
* When a Data Query references a file, the filename should be trimmed to remove spurious spaces
* THold plugin may not always install or upgrade properly
* RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template
* When reindexing devices, errors may sometimes be shown
* Boost may loose data when the database server is overloaded
* Boost can sometimes output unexpected or invalid values
* Boost should not attempt to start if there are no items to process
* Rebuilding the poller cache does not always work as expected
* Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled
* When creating new graphs, invalid offset errors may be generated
* When importing packages, SQL errors may be generated
* When managing plugins from command line, the --plugin option is not properly handled
* When automating an install of Cacti, error messages can be appear
* When performing automated install of a plugin, warnings can be thrown
* Automation references the wrong table name causing errors
* Data Source Info Mode produces invalid recommendations
* Data Source Debug 'Run All' generates too many log messages
* The description of rebuild poller cache in utilities does not display properly
* When reindexing a device, debug information may not always display properly
* Upon displaying a form with errors, the session error fields variable isn't cleared
* MariaDB clusters will no longer support exclusive locks
* RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match
* Compatibility improvements for Boost under PHP 8.x
* When searching the tree, increase the time before querying for items
* Device Location drop down does not always populate correctly
* When viewing Realtime graphs, undefined variable errors may be reported
* SNMP Uptime is not always ignored for spikekills
* Improve detection of downed Devices
* When reporting missing functions from Plugins, ensure messages do not occur too often
* When starting the Cacti daemon, database errors may be reported when there is no problem
* When reporting from RRDcheck, ensure prefix is in the correct casing
* Improve Orphaned Data Source options and display
* Parsing the PHP Configuration may sometimes produce errors
* Security processes attempt to check for a user lockout even if there is no user logged in
* When attempting to edit a tree, the search filter for Graphs remains disabled
* When reindexing, a Data Source that could be un-orphaned may not always be unorphaned
* When parsing a date value, there could be more than 30 chars
* Untemplated Data Sources can fail to update due to lack of an assigned Graph
* When processing items to check, do not include disabled hosts
* When saving a Data Source Template, SQL errors may be reported
* When importing a Template, errors may be recorded
* Some display strings have invalid formatting that cannot be parsed
* When filtering with regular expressions, the 'does not match' option does not always function as expected
* When enabling a plugin, sometimes it can appear as if nothing happens
* Ensure the Rows Per Page option shows limitations set by configuration
* Plugins are unable to modify fields in the setting 'Change Device Settings'
* When reporting emails being sent, ensure BCC addresses are also included
* Improve compatibility of SNMP class trim handling under PHP 8.x
* When importing legacy Data Query Templates, the Template can become unusable
* Provide ability to raise an event when extending the settings form
* Prevent unsupported SQL Mode flags from being set
* The DSStats summary does not always display expected values
* When performing a fresh install, device classification may be missing.
* Duplication functions for Graph/Template and Data Source/Template do not return and id
* Duplication of Device Templates should be an API call
* Unable to convert database to latin1 instead of utf8 if desired
* When creating Graphs, the process may become slower over time as more items exist
* When a bulk walk size is set to automatic, this is not always set to the optimal value
* Update copyright notice on import packages
* When viewing Orphan Graphs, SQL errors may be reported
* When reindexing hosts from command line, ensure only one process runs at once
* When a Data Query has no Graphs, it may not be deletable
* When duplicating a Graph Template, provide an option to not duplicate Data Query association
* When duplicating a Data Template errors can appear in the Cacti log
* When importing a Package, previewing makes unexpected changes to Cacti Templates
* When enabling boost on a fresh install, an error may be reported
* Improve compatibility for backtrace logging under PHP 8.x
* Improve compatibility for Advanced Ping under PHP 8.x
* Provide new templates for Fortigate and Aruba Cluster to be available during install
* Provide new template for SNMP Printer to be available during install
* When importing devices, allow a device classification to be known
* Extend length of maximum name in settings table
* Extend length of maximum name in user settings table
* Data Queries do not have a Duplication function
* Upgrade d3.js v7.8.2 and billboard.js v3.7.4
* Upgrade ua-parser.js to version 1.0.35
* Update Cisco Device Template to include HSRP graph template
* New hook for device template change 'device_template_change'
* Mon Feb 27 2023 andreas.stieger@gmx.de
- cacti 1.2.24
* Fix: Unable to import Local Linux Machine template
* Fix multiple charting and display issues
* Compatibility changes for SNMP under PHP 8.2, and other PHP
compatibility updates
* Fix multiple issues editing settings
* timeout fixes for Basic Auth
* multiple data poller bug fixes
Version: 1.2.20-26.1
* Fri Apr 22 2022 rpm@fthiessen.de
- Update to 1.2.20
* Security fix for CVE-2022-0730, boo#1196692
Under certain ldap conditions, Cacti authentication can be
bypassed with certain credential types.
* Security fix: Device, Graph, Graph Template,
and Graph Items may be vulnerable to XSS issues
* Security fix: Lockout policies are not properly applied to LDAP
and Domain Users
* Security fix: When using 'remember me' option, incorrect realm
may be selected
* Security fix: User and Group maintenance are vulnerable to SQL attacks
* Security fix: Color Templates are vulnerable to XSS attack
* Features:
* When creating a Data Source Profile, allow additional choices for Heartbeat
* Change select all options to use Font Awesome icons
* Improve spine performance by storing the total number of system snmp_ports in use
* Prevent Template User Accounts from being Removed
* When managing by users, allow filtering by Realm
* Allow plugins to supply template account names
* When viewing logs, additional message types should be filterable
* When creating a Graph Template Item, allow filtering by Data Template
* Allow language handler to be selected via UI
* Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
* Add Advanced Ping Graph Template to initial Installable templates
* Add LDAP Debug Mode option
* Allow Reports to include devices not on a Tree
* Allow Basic Authentication to display custom failure message
* Fix: When replicating data during installation/upgrade,
system may appear to hang
* Fix: Graph Template Items may have duplicated entries
* Fix: Unable to Save Graph Settings
* Fix: Script Server may crash if an OID is missing or unavailable
* Fix: When system-wide polling is disabled,
remote pollers may fail to sync changed settings
* Fix: When updating poller name, duplicate name protection may be over zealous
* Fix: Titles may show "Missing Datasource" incorectly
* Fix: Checking for MIB Cache can cause crashes
* Fix: Polling cycles may not always complete as expected
* Fix: When viewing graph data, non-numeric values may appear
* Fix: Utilities view has calculation errors when there are no data sources
* Fix: When editing Reports, drag and drop may not function as intended
* Fix: When data drive is full, viewing a Graph can result in errors
* Various other bug fixes
* Sat Nov 06 2021 andreas.stieger@gmx.de
- cacti 1.2.19:
* Further fixes for grave character security protection (boo#1192408)
* Fix Over aggressive escaping causing menu visibility issues on Create Device page
* Add SHA256 and AES256 security levels for SNMP polling
* Import graph template(Preview Only) show color_id new value as a blank area
* Fix Editing graphs errors due to missing sequence
* Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
* Fix 2hen RealTime is not active, console errors may appear
* Fix race conditions may occur when multiple RRDtool processes are running
* Fix errors creating graphs from templates
* Fix errors when duplicating reports
* Fix Boost may be blocked by overflowing poller_output table
* Fix Template import may be blocked due to unmet dependency warnings with snmp ports
* Fix Newer MySQL versions may error if committing a transaction when not in one
* Fix SNMP Agent may not find a cache item
* Fix Correct issues running under PHP 8.x
* Fix When polling is disabled, boost may crash and creates many arch tables
* Fix When poller runs, memory tables may not always be present
* Fix Timezones may sometimes be incorrectly calculated
* Fix Allow monitoring IPv6 with interface graphs
* Fix When a data source uses a Data Input Method, those without a mapping should be flagged
* Fix When RRDfile is not yet created, errors may appear when displaying the graph
* Fix Cacti missing key indexes that result in Preset pages slowdowns
* Fix Data Sources page shows no name when Data Source has no name cache
* Fix db_update_table function can not alter table from signed to unsigned
* Fix data remains in poller_output table even if it's flushed to rrd files
* Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
* Fix Offset is a reserved word in MariaDB 10.6 affecting Report
* Fix Rendering large trees slowed due to lack of permission caching
* Fix Error on interpretation of snmpUtime, when to big
* Fix Applying right axis formatting creates an error-image
* Fix Unable to Save Graph Settings from the Graphs pages
* Fix Graph Template Cache is nullified too often when Graph Automation is running
* Fix When Adding a Data Query to a Device, no Progress Spinner is shown
* Fix New Browser Breaks Plugins that depend on non UTC date time data
* Fix errors when testing remote poller connectivity
* Fix errors when renaming poller
* Fix Removing spikes by Variance does not appear to be working beyond the first RRA
* Fix LDAP API lacks timeout options leading to bad login experiences
* Add a normal/wrap class for general use
* Limit File Types available for Template Import operations
* Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
* Support Stronger Encryption Available Starting in Net-SNMP v5.8
* Allow Cacti to use multiple possible LDAP servers
* Add a 15 minute polling/sampling interval
* Provide additional admin email notifications
* Add warnings for undesired changes to plugin hook return values
* When creating a Graph, make testing the Data Sources optional by Template
* Update phpseclib to 2.0.33
* Update jstree.js to 3.3.12
* Improve performance of Cacti poller on heavily loaded systems
* MariaDB recommendations need some tuning for recent updates
Version: 1.2.16-bp151.4.18.1
* Fri Dec 18 2020 Andreas Stieger <andreas.stieger@gmx.de>
- fix httpd startup errors due to mismatched configuration
directives boo#1175314
* Thu Dec 03 2020 Paolo Stivanin <info@paolostivanin.com>
- cacti 1.2.16:
* When generating a report, the Cascade to Branches function does not as expected
* When viewing graphs, automatic refresh so not always work as expected
* Realtime graph pop up counter bug
* Undefined variable errors may occur when creating a new datasource
* The cli-based installer does not exit with a non-zero exit code when error occurs
* When an export is complete, sometimes the progress bar remains
* When enabling many devices, a threshold can be reached causing a slowdown in the process
* When performing actions against Devices, replicated device information could sometimes be lost
* When using API to rename a tree node, backtrace may be incorrectly shown
* When searching, valid pages can sometimes be shown as empty by ddb4github
* When exporting data from graphs, not all data was properly included
* Graph Templates filter is not updated after new graph created by ddb4github
* Username and password on the login page is not visible in Classic theme
* Improve wording of concurrent process and thread settings
* Location filter should remove blank entries by ddb4github
* When syncing data collectors, a reindex event may be triggered unnecessarily
* Automation Networks allows discovery of invalid IP addresses
* When changing permissions of the current user, they don't take effect immediately
* When reindexing a device, an incorrect page was sometimes displayed
* When repairing database, audit_database.php does not add missing columns
* Log page should not be empty if no log info exists
* During upgrade, there are times when realms can be duplicated leading to SQL errors
* When using ping.php, UDP response times are not interpreted properly by hypnotoad
* Improve warning you get when attempting to view a log file you don't have access to
* When replicating files, scripts are not marked as executable
* When creating plugin tables, collation is not set properly
* Update c3.js to version 0.7.20
* Update Chart.js to version 2.9.4
* Update phpseclib to version 2.0.29
* Update PHPMailer to version 6.1.8
* Use LSB shebang notation for cli scripts
* Add support for cactid daemon based launcher
* Add ability to hide the Graph Drilldown icons by datatecuk
* Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
* Wed Nov 11 2020 Andreas Stieger <andreas.stieger@gmx.de>
- cacti 1.2.15, fixing the following bugs:
* When editing Maximum OIDs Per Get Request, blank value can cause errors
* Boost may run more often than it should
* Recache Event Loop can cause Interface Graphs to show gaps
* When searching Graph Tree's, non matching devices remain visible
* Page validation errors may occur when opening real time graphs
* External Links do not always open if they are still open from previous usage
* Cultural changes to various word usage
* Replicate deleted device status instead of poller sync
* Description field allows more characters entered than is stored
* When installing or upgrading, LDAP functions may not always be included properly
* Unable to remove discovered device
* When installing or upgrading, PHP recommendations may not always return a valid value
* Graph Templates has duplicate SQL delete statement
* When syncing to remote poller, missing function errors may occur
* When removing devices from remote pollers, devices may reappear without details
* When removing devices, array errors may sometimes be recorded
* Variable injection does not always work as expected
* Editing Data Queries with multiple data templates can give errors about Suggested values
* Progress bar does not provide enough visual information during long page loads
* Some themes do not allow for a way to see which user is currently signed in
* When viewing tables, allow users to force all columns to be visible
* Column sizing is being lost between pages refreshes
* When viewing input methods table, no ID is shown to help identify which method is being viewed
* Filters do not always respect using keyboard to initiate searching
* When exporting a data query, an invalid column name error can sometimes be shown
* When checking if a view is allowed, having no session can result in errors
* When removing devices via the CLI, undefined variable errors may be seen
* Real Time Graphs may cause invalid index errors
* On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
* Plugin setup can generate errors when reading options via system function
* Plugin version numbers can be unexpectedly truncated
* When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
* When removing multiple items, selection process does not always work
* When exporting colors, the indicator is not always removed upon completion
* Unable to pass tree and leaf ID to 'graph_button' hook
* When performing maintenance, various errors may sometimes be seen
* When Guest User setting is active, current user is not always properly set
* When installing Cacti, minor errors in text can be seen
* Numbers are not always formatted properly when there are no decimal places
* When viewing Real Time Graphs, an undefined index error may be recorded
* Minor memory leaks and refresh issues when zooming on graphs
* Real Time Graphs may sometimes fail due to folder permissions
* Navigation can sometimes occur unexpectedly due to background timers
* Trees management screen not reporting correct number of trees
* Tree sequences can sometimes skip numbers during resorting
* Guest user selection should not allow setting the currently logged in user
* Links in Table Headers do not show clearly when in modern theme
* Under some cases tree logic leads to undefined index errors
* Cacti Data Debug can show errors if the Data Source is damaged or has been removed
* When importing a data query, an invalid column name error can sometimes be shown
* When using shift functions on graphs, negative values are not allowed
* Correct issue when file is unreadable reporting no file was specified
* Orphaned Plugins have no option to be removed
* Update MySQL recommendations for Character Set and Colation
* Correct sorting of IP addresses to be numeric not alpha by JamesTilt
* Saving a device should not always repopulate the poller cache
Version: 1.2.16-17.1
* Fri Dec 18 2020 andreas.stieger@gmx.de
- fix httpd startup errors due to mismatched configuration
directives boo#1175314
* Thu Dec 03 2020 info@paolostivanin.com
- cacti 1.2.16:
* When generating a report, the Cascade to Branches function does not as expected
* When viewing graphs, automatic refresh so not always work as expected
* Realtime graph pop up counter bug
* Undefined variable errors may occur when creating a new datasource
* The cli-based installer does not exit with a non-zero exit code when error occurs
* When an export is complete, sometimes the progress bar remains
* When enabling many devices, a threshold can be reached causing a slowdown in the process
* When performing actions against Devices, replicated device information could sometimes be lost
* When using API to rename a tree node, backtrace may be incorrectly shown
* When searching, valid pages can sometimes be shown as empty by ddb4github
* When exporting data from graphs, not all data was properly included
* Graph Templates filter is not updated after new graph created by ddb4github
* Username and password on the login page is not visible in Classic theme
* Improve wording of concurrent process and thread settings
* Location filter should remove blank entries by ddb4github
* When syncing data collectors, a reindex event may be triggered unnecessarily
* Automation Networks allows discovery of invalid IP addresses
* When changing permissions of the current user, they don't take effect immediately
* When reindexing a device, an incorrect page was sometimes displayed
* When repairing database, audit_database.php does not add missing columns
* Log page should not be empty if no log info exists
* During upgrade, there are times when realms can be duplicated leading to SQL errors
* When using ping.php, UDP response times are not interpreted properly by hypnotoad
* Improve warning you get when attempting to view a log file you don't have access to
* When replicating files, scripts are not marked as executable
* When creating plugin tables, collation is not set properly
* Update c3.js to version 0.7.20
* Update Chart.js to version 2.9.4
* Update phpseclib to version 2.0.29
* Update PHPMailer to version 6.1.8
* Use LSB shebang notation for cli scripts
* Add support for cactid daemon based launcher
* Add ability to hide the Graph Drilldown icons by datatecuk
* Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
* Wed Nov 11 2020 andreas.stieger@gmx.de
- cacti 1.2.15, fixing the following bugs:
* When editing Maximum OIDs Per Get Request, blank value can cause errors
* Boost may run more often than it should
* Recache Event Loop can cause Interface Graphs to show gaps
* When searching Graph Tree's, non matching devices remain visible
* Page validation errors may occur when opening real time graphs
* External Links do not always open if they are still open from previous usage
* Cultural changes to various word usage
* Replicate deleted device status instead of poller sync
* Description field allows more characters entered than is stored
* When installing or upgrading, LDAP functions may not always be included properly
* Unable to remove discovered device
* When installing or upgrading, PHP recommendations may not always return a valid value
* Graph Templates has duplicate SQL delete statement
* When syncing to remote poller, missing function errors may occur
* When removing devices from remote pollers, devices may reappear without details
* When removing devices, array errors may sometimes be recorded
* Variable injection does not always work as expected
* Editing Data Queries with multiple data templates can give errors about Suggested values
* Progress bar does not provide enough visual information during long page loads
* Some themes do not allow for a way to see which user is currently signed in
* When viewing tables, allow users to force all columns to be visible
* Column sizing is being lost between pages refreshes
* When viewing input methods table, no ID is shown to help identify which method is being viewed
* Filters do not always respect using keyboard to initiate searching
* When exporting a data query, an invalid column name error can sometimes be shown
* When checking if a view is allowed, having no session can result in errors
* When removing devices via the CLI, undefined variable errors may be seen
* Real Time Graphs may cause invalid index errors
* On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
* Plugin setup can generate errors when reading options via system function
* Plugin version numbers can be unexpectedly truncated
* When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
* When removing multiple items, selection process does not always work
* When exporting colors, the indicator is not always removed upon completion
* Unable to pass tree and leaf ID to 'graph_button' hook
* When performing maintenance, various errors may sometimes be seen
* When Guest User setting is active, current user is not always properly set
* When installing Cacti, minor errors in text can be seen
* Numbers are not always formatted properly when there are no decimal places
* When viewing Real Time Graphs, an undefined index error may be recorded
* Minor memory leaks and refresh issues when zooming on graphs
* Real Time Graphs may sometimes fail due to folder permissions
* Navigation can sometimes occur unexpectedly due to background timers
* Trees management screen not reporting correct number of trees
* Tree sequences can sometimes skip numbers during resorting
* Guest user selection should not allow setting the currently logged in user
* Links in Table Headers do not show clearly when in modern theme
* Under some cases tree logic leads to undefined index errors
* Cacti Data Debug can show errors if the Data Source is damaged or has been removed
* When importing a data query, an invalid column name error can sometimes be shown
* When using shift functions on graphs, negative values are not allowed
* Correct issue when file is unreadable reporting no file was specified
* Orphaned Plugins have no option to be removed
* Update MySQL recommendations for Character Set and Colation
* Correct sorting of IP addresses to be numeric not alpha by JamesTilt
* Saving a device should not always repopulate the poller cache
Version: 1.2.11-5.1
* Sat Apr 11 2020 andreas.stieger@gmx.de
- cacti 1.2.11:
* security fixes and hardening (boo#1169215)
+ Add SameSite support for cookies
+ Cookie should be properly verified against password
+ CSRF at Admin Email
+ Improper Access Control on disabling a user
+ Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
* a number of bug fixes
* feature additions
+ Allow system uptime to be a variable for use with graphs
+ Add Refresh Interval to Data Collectors display
+ Add Location based filtering
+ Allow for Purging of Data Source Statistics from the GUI
+ Restore ability to duplicate a data profile
+ Enhance table navigation bars to support systems with larger number of items
+ Increase length of Graph Item 'value' field to support pango-markup better
+ Allow Basic Auth Accounts to be mapped by CSV file
+ Make form elements under checkbox_groups flow using flex grid style
+ Set the domain attribute to secure cookies for the 'remember me' option
+ Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 info@paolostivanin.com
- cacti 1.2.10:
* CVE-2020-8813: when guest users have access to realtime graphs,
remote code could be executed (boo#1164675)
* When using User Domains, global template user is used instead of
the configured domain template user
* Unix timestamps after Sep 13 2020 are rejected as graph start/end
arguments
* many bug fixes
* Sat Feb 15 2020 andreas.stieger@gmx.de
- cacti 1.2.9:
* CVE-2020-7106: Lack of escaping on some pages could lead to XSS
exposure (boo#1161297)
* CVE-2020-7237: Remote Code Execution due to input validation
failure in Performance Boost Debug Log (boo#1161297)
* many bug fixes
* Sun Feb 02 2020 andreas.stieger@gmx.de
- cacti 1.2.8:
* CVE-2019-17357: When viewing graphs, some input variables were
not properly checked (SQL injection possible) [boo#1158990]
* CVE-2019-17358: Unsafe deserialisation of data [boo#1158992]
* When using HTTPS, secure cookie to prevent potential weakness
* various bug fixes
* Thu Oct 17 2019 rbrown@suse.com
- Remove obsolete Groups tag (fate#326485)
* Mon Sep 30 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.7
- security#2964: CVE-2019-16723 Security issue allows to view all graphs
- issue#1181: When opening the Scheduler, it may appear off screen when
opened near the bottom of a window
- issue#2894: When using Remote Data Collectors, database information and
recommendations may show Incorrect values
- issue#2895: When using data sources from different RRDs, Percentile
calculation may be incorrect
- issue#2899: When displaying a form, variable substitution may not always
work as expected
- issue#2922: When running a data query, the result may come back as undefined
- issue#2925: When using consolidation functions, retrieving the first step
can cause errors
- issue#2926: When editing a graph, variable validation errors may prevent
changes from being saved
- issue#2929: Boost performance may become poor even in single server mode
- issue#2930: RRDtool can generate errors to standard output which can corrupt images
- issue#2932: When RRDTool generates an error creating an image, it is not
always reportedly properly
- issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
- issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect
location for DB upgrade scripts
- issue#2940: Images are not always properly sized until the page size changes
- issue#2949: Order icons may not be properly aligned
- issue#2951: Allow legends to be modified for Aggregate Graphs
- issue#2958: Drop down autocomplete lists do not always open as expected
- issue#2961: When syncing device templates, undefined function may be raised
- issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
- issue#2966: Realtime popup windows do not always honor settings
- issue#2967: When using Spikekill, gap and range fill are not operating as expected
- issue#2970: When a user edits their profile, buttons may appear as unusable whilst
still being enabled
- issue#2973: User menu does not always display properly on mobile devices
- issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes'
set but not found in data source
- issue#2975: Datasource Debug does not properly handle European numbers in
certain circumstances
- issue#2976: Boost messages should be stored in their own log file
- issue#2977: Data updates with past timestamps can cause boost errors
- issue#2978: Moving hosts between data collectors is slow
- issue#2979: Multi Output Fields are not parsed correctly
- issue#2984: When checking SQL fields, value was not always primed
- issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
- feature#2943: Allow all Data Queries of a device to be re-indexed at once
- feature#2952: If device is down or threshold breached, highlight in tree view
- feature#2985: Update phpseclib to 2.0.23
* Mon Sep 02 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.6
- issue#2794: Graph template not saved on graph edit
- issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation
- issue#2829: PHP recommendations always see memory limit as unlimited
- issue#2830: Disabled Top/Bottom external links should not be displayed
- issue#2832: Install/Upgrade log does not show anything
- issue#2833: Undefined index can occur when data source does not have an
snmp_index
- issue#2834: Boost performance drops on very large systems
- issue#2835: When creating graphs and inneficient query is causing long
creation times
- issue#2837: Sunrise theme does not render checkboxes 100% correctly
- issue#2838: jQueryMultiselect does not match upstream due to forking
- issue#2839: Non regular expression search filters don't support international
characters
- issue#2841: Total count is wrong after searching for External Link pages
- issue#2843: DSStats reruns Daily Aggregation every minute
- issue#2844: Autocomplete settings for passwords are not properly defined
- issue#2845: Data Template can't be edited when it is in use
- issue#2846: Allow tooltips for section headers with 'question' icon
- issue#2847: Permanently convert an Aggregate to a regular graph
- issue#2848: Aggregate graphs get clipped due to incorrect date range
- issue#2856: Aggregate issues with very long RRDtool command lines
- issue#2857: When trying to find the best index to use, a 'must implement
Countable' warning appears
- issue#2860: When testing remote poller connections during install, undefined
variable warning can occur
- issue#2862: Automation does not calculate network information correctly for
single hosts
- issue#2866: Add poller ID to subject for admin notifications
- issue#2869: When creating aggregates from Graphs, JavaScript issues can occur
- issue#2872: Add support for MySQL 8 and use of grouping as name for a column
- issue#2875: Undefined variable when removing spikes in some cases
- issue#2877: When attempting to send report, undefined function 'get_tinespan' messages appear
- issue#2878: Function get_magic_quotes_gpc() is now deprecated in PHP 7.4
- issue#2879: Switching from authPriv to authNoPriv produces error when saving
- issue#2884: Replication continues to occur when poller has been disabled by sysres-dev
- issue#2891: Script server script ss_fping.php generates error when not called
by script server
- issue#2895: Percentile calculation is incorrect on Graphs with multiple Data
Sources from different RRDs
- issue#2901: Poller overrun warning message is badly worded
- issue#2902: Mailer incorrectly reports it is sending to noone
- issue#2903: PHP recommendations can generate a warning causing JSON issues
- issue#2905: Sorting plugins by version can lead to unexpected ordering
- issue#2907: SSL column for multiple pollers can be incorrectly set causing SQL errors
- issue#2908: When URL_PATH is blank, it should assume that it is '/'
- issue#2909: Correct usage of affect vs effect in strings
- issue#2910: Can not show user menu when in portrait mode on mobile devices
- issue#2911: Graph variables are not always encoded to JSON properly resulting in warnings
- issue#2912: Navigation cache can sometimes be corrupted resulting in a non-array value
- issue#2913: When adding new graphs, the type of graph is not remembered
- issue#2917: Action icons next to graphs can sometimes become unselectable due to zoom
- issue#2919: When refreshing menu, selected items are sometimes lost and submenu
items can become hidden
* Tue Jul 16 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.5
- issue#1978: Popup Menus can appear off screen when using Graph Thumbnails
- issue#2282: Installation wizard does not detect RRDtool version correctly
- issue#2524: When editing a tree, Drag and Drop of Devices does not always
work as expected
- issue#2573: Associated Graph Template for Data Query can sometime disappear
- issue#2656: GPRINT text_format does not replace Data Query and Host Fields
- issue#2661: Automation does not always calculate network range/subnet correctly
- issue#2663: Some legacy Data Queries can not determine their index order
causing broken graphs
- issue#2674: Large strings can sometimes cause language translation can fail
- issue#2719: Automation may sometimes create empty graphs
- issue#2721: When replacing '|input_xxxx|' strings, undefined index can occur
- issue#2722: Calls to _db_replace() are not consistent resulting in warnings
- issue#2723: When replicating to remote pollers, Undefined Variable errors may be seen
- issue#2724: When graphing HRULE items, 'Only Variables should be passed by
reference' error may be seen
- issue#2725: When viewing logs in utilities, filenames should be limited the same as clog
- issue#2726: During Automation logging, include the Rule ID that triggers
the creation of an item by xmacan
- issue#2732: When using basic authentication, automatically strip any @domain information
- issue#2734: Allow non-english labels to be used on Graph Templates
- issue#2727: When using Polling Hosts Template, warnings can be issued when
CMD.PHP is the poller
- issue#2733: When processing SNMP data, space delimited hex strings do not
always convert into MAC addresses
- issue#2735: Mouse cursor should show as default pointer if column is not sortable
- issue#2736: When using MySQL 8 or above, 'function' is considered a reserved word
unless quoted by xmacan
- issue#2741: Various errors can occur due to undefined or incorrect variable names
- issue#2742: Various errors can occur due to undefined or incorrect variable names
- issue#2743: Attempts to close a tooltip when no tooltip has been set may cause errors
- issue#2744: When changing password, undefined index error can occur if user is not logged in
- issue#2748: If PHP location setting is invalid during install/upgrade, this
should be notified on modules page
- issue#2750: When performing multiple sort, highlighting of content occurs
- issue#2751: When editing a Tree, display filter may not allow 'All' option to work
- issue#2752: When running verbose query on device, you are unable to copy text from items
- issue#2753: Unable to copy entire verbose query using clipboard command
- issue#2757: Page Navigation can be subject to XSS injection
- issue#2758: Various sensitive directories are browsable if web server directory browsing is enabled
- issue#2760: Unable to add items into a report
- issue#2762: Creating an aggregate graph can sometimes fail due to unknown RRD tools error
- issue#2766: When modifying Aggregate Templates, changes are not always cascaded to Graph
- issue#2768: Aggregate Graphs may sometimes show the wrong row count
- issue#2770: ItemType is not updated when saving Report Items
- issue#2772: Add tooltip support to html_header() and html_header_checkbox()
- issue#2775: Remote pollers may sometimes fail to replicate data back to main system
- issue#2777: Attempting to edit a non-existent report generates an error
- issue#2778: When rendering graphs, resizing can sometimes occur repeatedly
- issue#2779: On new installations, automation rules for Interface Graphs are broken
- issue#2780: Upgrade database script not actually upgrading Cacti
- issue#2782: When replicating the syslog plugin, the configuration file is ignored causing errors
- issue#2783: When limiting the number of displayed characters, international characters
may sometimes display incorrectly
- issue#2784: When removing a device with graphs but no data sources , errors are generated
- issue#2785: When editing a graph rule, warnings incorrectly appear about unsaved changes
- issue#2792: When a checkbox 'friendly name' has a comma, checkbox functionality stops working
- issue#2797: When upgrading from before 1.x, SuperLinks view permissions may not be correct
- issue#2799: Under heavy use of Real Time Graphs, SQL errors may start appearing
- issue#2800: When editing a tree, using a comma in the search field stops search from working
- issue#2802: If a Device lacks ifName, an alternative field is not always found even if available
- issue#2807: When editing a Data Template that has dependant graphs, some attributes
should not be modifiable
- issue#2808: When navigating a tree, the layout may unexpectedly move
- issue#2814: When viewing the utilities page, HTML tags may be seen rather than rendered
- issue#2816: When viewing logs, paging does not always working correctly
- issue#2818: Automation can sometimes incorrectly add duplicate devices with the same sysname
- issue#2820: When path is blank, is_resource_writable() will generate 'Uninitialized string offset: -1'
- issue#2821: When the desired locale can not be located, a number format issue may occur
- feature#2728: Update phpseclib to 2.0.17 by DavidLiedke
- feature#2809: Update c3.js & d3.js by DavidLiedke
- feature#2730: Update jstree.js to 3.3.8 by DavidLiedke
- feature#2754: Allow Devices, Graphs and Data Sources to be searched by ID
- feature#2765: When editing a tree, allow cascading selection of available graphics
- feature#2805: Merged plugins are not always upgraded correctly
- feature#2823: Enhance the splice_rrd.php to be able to merge RRDfiles of differing step
* Thu Jun 13 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.4
- issue#2523: Send A Test Email stops working under PHP 7.3
- issue#2589: Missing RRD file can cause DSSTATS to throw errors
- issue#2590: When installing, chosen language is sometimes lost
- issue#2591: Menu selection does not always match selected page/section
- issue#2592: When viewing an aggregate graph, 'Display graphs from this aggregate'
option does always not work
- issue#2593: Unable to migrate aggregate graphs to matching aggregate template
- issue#2598: Creating an aggregate graph without associated template causes
RRDtool error
- issue#2599: Creating/Updating an Aggregate Graph to use LINE/STACK's
generates invalid SQL statements
- issue#2604: When adding a dataquery, SQL errors can be generated
- issue#2605: When installing, checking database tables can cause errors
- issue#2608: db_update_table() function should not require an engine type or comment
- issue#2609: When updating from earlier than 1.2, timezone column might not exist
- issue#2610: Data Sources troubleshooter generates warning that each()
function is deprecated
- issue#2612: When RRDtool fails to initialize, DSStats generates lots of warnings
- issue#2618: ifAdminStatus in snmp_queries/interfaces.xml
- issue#2621: File paths that accept blanks are not allowing blanks
- issue#2622: Various undefined variables generate errors within database.php
- issue#2623: When using form_text_area(), invalid HTML can be generated
- issue#2627: Some filenames can be lost in log file selection list
- issue#2629: When upgrading, ldap library is not loaded properly due to incorrect paths
- issue#2632: Automated Networks are not being properly replicated to additional pollers
- issue#2635: When running automation scans, database connection should be
forced to central database
- issue#2638: Support disabling PHP SNMP extension by mhoran
- issue#2645: Some URLs are incorrectly calculated
- issue#2649: Automation not creating graphs when there are custom items
- issue#2650: Several undefined variables are generating warnings
- issue#2662: HRULE objects broken in some cases
- issue#2668: Trailing parentheses are removed from the SNMP system description
- issue#2672: Cacti Install on Windows Fails
- issue#2676: Skin paper plane not working on iPhone XR
- issue#2678: Call to undefined function _() in data_queries.php
- issue#2679: Users with passwords that do not meet complexity requirements are
not redirected to the Change Password page
- issue#2680: Remove deprecated $php_errormsg usage
- issue#2689: Increase boost maximum memory limits
- issue#2693: Graph links do not contain URL path causing links to fail
- issue#2698: Avoid duplicated icon in the main.js of all themes
- issue#2699: Login option "Show the page that user pointed their browser to"
does not work properly
- issue#2702: sqltable_to_php.php does not always generate valid table data arrays
- issue#2707: Some pages that have permission errors dont raise proper messages
- issue#2712: PHP memory should be unlimited in scripts that need more memory than the default
- issue#2713: SNMP System Description with UTF8 strings properly are not properly parsed
- issue#2718: When links are converted to ajax calls, mailto links should not be included
- issue#2720: When calculating percentiles, the value is incorrect as
the steps are not placed in correct order
- feature#2538: Allow users to change default method of removing data sources
when deleting graphs
- feature#2539: Allow users to set the default graph lock status
- feature#2540: Allow users to enable/disable graph tree history
- feature#2646: Allow application of automation rules on CLI by rb83
- feature#2654: New hook to notify plugins of user profile changes ('auth_profile_update_data')
- feature#2664: Add option to purge spikekill backups
- feature#2701: Provide option to continue graphing objects that loose their index
- feature#2704: Device and template cache do not refresh properly
* Sun Mar 31 2019 liedke@rz.uni-mannheim.de
-Remove cacti-ss_fping.patch
-Build version 1.2.3
- issue#1063: Tree View does not display the last item correctly under
'Modern' theme
- issue#2282: Install Wizard does not Detect RRDtool Version on Windows
- issue#2430: "New Device" menu item showing as selected incorrect
when "Devices" clicked
- issue#2435: Tree View becomes narrower and narrower when
expanding/collapsing nodes with long names
- issue#2449: Index incorrectly changed to 1 if the index is alphanumeric
when OID/REGEXP: or OIDVALUE/REGEXP:
- issue#2452: Missing 'getSNMPQueries()' function when calling
add_data_query.php
- issue#2453: When running add_graphs.php, cannot retrieve list of valid
snmp values
- issue#2460: sqltable_to_php.php does not export 'default' value
of columns correctly
- issue#2456: When attempting to display actions that can be taken,
having no actions caused error
- issue#2457: When creating a graph, undefined function prevents
confirmation from appearing
- issue#2459: ss_host_disk.php attempts to return an empty array
instead of a string
- issue#2463: Partial Fix: Display zombie data sources without graphs
- issue#2464: When viewing a User's effective permissions, disabled
devices should show denied
- issue#2465: Too many groups hide effective permission column when
viewing User's effective permissions
- issue#2466: Manual data source creation is broken
- issue#2469: When using Matching Objects filter within Automation
Graph Rules, unexpected redirect occurs
- issue#2471: When Creating a new Graph Template, clear the Graph
Template permissions cache
- issue#2472: Bad navigation items cause Array to string conversion errors
- issue#2474: REGEXP_SNMP_TRIM does not handle Gauge fields properly
- issue#2475: When resetting filters, multiple sort session variables do
not always reset properly
- issue#2476: When using CMD.PHP for polling, device polling time is not updated
- issue#2477: When saving a Data Input Method, Output Field name changes
to incorrect value
- issue#2478: When saving a LINEX type Graph Item, the Line Width value is
too restrictive
- issue#2479: RPN function select list should be sorted when editing
CDEF and VDEF's
- issue#2480: RRDtool versions in Cacti not granular enough
- issue#2482: When upgrading past 1.1.34, upgrade attempts to drop a
non-existing primary key
- issue#2491: Data Source Info suggests commands RRDTool can't honor
- issue#2492: When data templates are filtered by profile, data source
list does not get same filter applied
- issue#2493: Data Source Info is not separated properly
- issue#2494: User Login History is not fully enabled for translations
- issue#2497: When linking to Graphs, unless both start and end are
specified, only defaults are used
- issue#2499: Data Source reapply names does not update name from
data query or template.
- issue#2500: Allow Data Source repairs from the Data Source Debug and
Data Source Info pages
- issue#2502: Unable to have a min or max value for RRDfile at zero '0'
- issue#2503: The Cacti Statistics Device Template is not include in release
- issue#2509: When checking for correct Unicode, minimum MySQL version
is incorrect
- issue#2513: When a plugin INFO file is malformed or missing elements,
plugin_load_info_file() should fill missing elements
with defaults
- issue#2519: When editing a data query, graph template picker shows
poor performance
- issue#2518: Unexpected errors when filtering Data Sources with
invalid 'rows' value
- issue#2522: When upgrading from pre-1.0.0, colors were not upgraded
properly by Givo29
- issue#2525: Tree branches that includes sites which have valid devices
do not appear on Graph Tree
- issue#2527: When importing a package, if Cacti version is below the
version which that exported, a clear message should be shown
- issue#2531: When updating color template items, the table name used
is incorrect by Givo29
- issue#2535: Ensure Graph ListView uses same UI logic as Graph Management
- issue#2537: Incorrect title showing when changes are made to Tree
- issue#2543: Poor performance showing a device's graphs on a tree
- issue#2547: RRD values are not being properly trimmed
- issue#2551: When checking MySQL configuration values, consider ON/OFF
to be equal to 1/0
- issue#2553: When upgrading from 1.0.0 or below, renaming automation
columns can cause issues
- issue#2555: Missing configuration defaults prevent installations/upgrades
without showing reason
- issue#2563: When sorting Data Sources, missing index causes unnecessary delays
- issue#2564: Filtering for Orphan Data Sources is unreliable
- issue#2565: Pages with 500+ selectable items in a single able can
suffer from poor performance
- issue#2568: When querying for diagnostic data, devices on remote pollers
should proxy the request
- issue#2571: External Links do not properly validate user permissions
- issue#2575: Poller errors occur if a file exists that the website cannot read
- issue#2576: Spikekill API does not work when called from plugins
- issue#2578: When importing packages, missing/new resources are not created
- issue#2581: When viewing poller cache, Device SNMP community is not
properly escaped
- issue#2583: When JSON module is not installed, Installer does not
correctly show missing message
- issue#2584: When user/group permissions are reset, this is not reflected
immediately to the end user
- feature#2505: Improve performance of Data Source Statistics
- feature#2515: Allow more than one SNMP port to be specified when
adding devices via CLI
- feature: Update phpseclib to version 2.0.15
- feature: Adjust the max table rows based upon value of 'max_input_vars'
* Thu Feb 28 2019 liedke@rz.uni-mannheim.de
-Add cacti-ss_fping.patch
* Mon Feb 25 2019 liedke@rz.uni-mannheim.de
-Build version 1.2.2
- issue#599: Aggregate graph templates assume AVG consolidation function
- issue#2312: Retrieving Device Information appears to fail on Safari
- issue#2317: Unabe to add new records to 'poller_time' table
- issue#2327: Memory exhausted whilst running poller replication
- issue#2334: Some browsers report JavaScript errors when switching to console
- issue#2337: When running an upgrade, the path of the log file is reset
- issue#2339: Certain characters in recipient address can cause email to fail
- issue#2343: Export hooks no longer work due to missing default keyword
- issue#2346: When listing plugin permissions, "Legacy 1.x Plugins" can appear
in the wrong cell
- issue#2347: Allow sort output to inject returned data into a specific object
- issue#2350: Unable to Select Data Source for HRULES and COMMENTS that include
nth Percentile and Bandwidth
- issue#2352: SNMP description field can sometimes contain mangled data
- issue#2354: When reindexing in Automation, titles are not updated for Graph
and Data Source
- issue#2355: Data Sources are sometimes duplicated when Custom Data is specified
- issue#2357: When indexes are incorrect, poller should log more information
- issue#2359: When upgrading, "Install/Upgrade" privilege may have been previously lost
- issue#2360: When retrieving database / table / column information, schema
name is not always applied
- issue#2362: No way to default an interface speed when ifSpeed and ifHighSpeed
come back as zero
- issue#2365: When editing Aggregate Graphs, orphaned items were not always removed
- issue#2372: Data Query reindexing leads gaps in Graphs
- issue#2376: Manually adding a device discovered by Automation causes errors to be logged
- issue#2380: Devices may experience constant reindexing
- issue#2384: When authentication method is set to None, change to Builtin as
None has been removed
- issue#2393: When reindexing a device, Graph Automation creates duplicate graphs every time
- issue#2416: SELinux wants APPEND not WRITE permission for Fedora/EPEL (RHEL, Centos)
- issue#2419: Host state time was not correctly calculated
- issue#2426: Reinstate missing plugin hooks for 'custom_logout_message' and 'custom_denied'
- issue#2431: Default value for 'Mail Method' (settings_how) is incorrect resulting in errors
- issue#2432: Undefined variable warnings when updating RRD data
- issue#2451: Drag and drop does not always function correctly
- feature: Update JavaScript library c3.js to version 0.6.12
- feature: Update phpseclib to version 2.0.14
- feature: Update PHPMailer to version 6.0.7
- feature: Update JavaScript library d3.js to version 5.9.1
Version: 1.1.38-2.1
* Fri Jul 13 2018 uhaider.msee15seecs@seecs.edu.pk
-Fixed missing packages php-json, php-ctype, and php-gd in cacti.spec. bsc#1101024
-Fixed Apache2.4 and Apache2.2 runtime configuration issue. bsc#1101139
* Mon Apr 16 2018 liedke@rz.uni-mannheim.de
-Build version 1.1.38
- issue#1501: cmd.php poller not stripping alpha from snmp get values
- issue#1515: Special characters not rendered properly in settings
- issue#1530: Inconsistent behaviour handling blank Field Name/Value
when editing data query suggested values
- issue#1537: Numeric validation not ignoring blank elements
* Mon Mar 26 2018 liedke@rz.uni-mannheim.de
- Change minimum php version to 5.4
-Build version 1.1.37
- issue#274: Allow Realtime Graph Popup Mode
- issue#1405: When Data Query columns are wide, they cause rendering
issues
- issue#1414: DSSTATS reports incorrectly that a data source does not
exist
- issue#1419: Filtering log results in errors in the log
- issue#1420: PHP NOTICE editing cdef and vdef items
- issue#1421: CLI upgrade_database.php PHP Warning on execution
- issue#1426: Remote poller erroring attempting to verify files
- issue#1432: Delete confirmation does not disappear
- issue#1443: Partial Save warnings under Settings -> Mail/Reporting/DNS
- issue#1447: CLI audit_database.php not detecting database name, and
failed to create audit tables when run fresh
- issue#1453: CLI add_graph.php not allowing title to be set
- issue#1456: Increase minimum php version maintaining support for RHEL6
- issue#1457: Path-Based Cross-Site Scripting (XSS) issues
- issue#1458: Error in logs when creating new graphs
- issue#1459: Automation filter not applied correctly
- issue#1461: Setting output_format on input type causes no values to be
returned
- issue#1464: Poller stuck in infinitely loop causing excess logging
- issue#1466: No scrollbars in mobile browsers
- issue#1468: Increase max length of host.snmp_sysObjectID column
- issue#1471: Undefined function found in global_languages.php
- issue#1472: Change Device Options - Style needs updating
- issue#1474: Check possibility for creation of temporary tables on install
- issue#1487: Undefined constant in ldap.php
- issue#1483: Create New Graphs - Paw Styling Issue
- issue#1493: Can't create tree branches with '#' sign
- feature#1489: Add ability to use parts of OID as value via regex
- feature: Updated Chinese Simplified translations
- feature: Updated Dutch translations
- feature: JavaScript library Chart.js updated 2.7.2
- feature: Allow snmp formatting functions to detect UTF-8 output
* Mon Feb 26 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.36
- issue#934: Template names missing in graph management list
- issue#1211: CDEF and VDEF Item Edit do not use correct procedures
- issue#1250: Language support does not support localization properly
- issue#1331: Log Rotation should occur at midnight on system
- issue#1334: Console->Users->(Edit) Permissions checkmark descriptions
missing
- issue#1336: Debian test suite reports php error
- issue#1338: Allow automation to be run in debug mode from GUI
- issue#1339: First graph of second page does not render
- issue#1340: Unable to open Time Graph View in new tab
- issue#1348: Toggle context menu of Zoom
- issue#1351: Errorimage does not render on systems without GD ttf support
- issue#1353: New installation without config.php silently throws errors
- issue#1355: Single tree can have the order of the tree changed
- issue#1357: Data Profile disable fields shown temporarily as editable
- issue#1359: Settings page generates error for removed plugin tab
- issue#1362: DSStats Avg/Peak function broken due to change in RRDtool
processing
- issue#1365: Plugin Management enforce folder name
- issue#1366: Improve error/info message display
- issue#1380: Potential failure when updating script type
- issue#1384: When installing/enabling plugins, current user and admin should
get permissions
- issue#1386: form_selectable_cell() ignores width if no style_or_class is
passed
- issue#1389: Poller is including plugins that are not installed
- issue#1390: Plugin uninstall should prompt user before removal
- issue#1396: Prevent installation/uninstallation of a plugin if dependency
is present
- issue#1397: Distinguish between plugin tabs and core tabs in settings
- issue: Allow dynamic setting of from name when emailing
- issue: Data Query Cache filter layout more consistent
- issue: Minor plugin permissions format change
- issue: Implementation of error handling causes errors creating New Graphs
- issue: Deprecated DDStats setting removed
- issue: Graph context menu items are now context aware
- issue: Validate spine path before allowing enabling of spine
- issue: Errored settings fields now highlighted correctly on error
- issue: Add the Default Device to the Default Tree at install time
- issue: Secpass password verification error message unuseful
- feature: Searching of SNMP Index in View Data Query Cache now works
- feature: Presets now have default device Template
- feature: JavaScript library c3.js updated (v0.4.21) / jstree.js (3.3.5)
- feature: PHPSecLib updated 2.0.10
- feature: Updated Dutch translations
* Mon Feb 12 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.35
- issue#114: *all_max_peak* percentile calculations incorrect
- issue#430: Pressing Back often fails to work as expected
- issue#564: Fail to move items in graph template as desired
- issue#981: Hyperlinks for Data Profile stats
- issue#993: Realtime not working on remote pollers for certain data query
- issue#1244: Errors importing templates with deprecated hashes
- issue#1251: Allow zoom out through mouse mmiddle button
- issue#1281: Max OIDs setting is for bulkget and not bulkwalk operations
- issue#1286: Correct CHUNKED_ENCODING error when retrieving graph with
some browsers
- issue#1306: Graphs are not always refreshed properly
- issue#1309: Provide meaningful authentication errors in graph_json.php
and graph_image.php
- issue#1310: Return button fails on change password page
- issue#1315: Realtime not working on local data collector
- issue#1316: CDEF Item Value dialog does not update creating items
- issue#1319: Front end + remote poller - connection timeout issue
- issue#1321: Use RRDtool pipelining functions within DSSTATS
- issue#1323: Enhance form layout for readability
- issue#1329: Spelling errors in automation_networks.php
- issue: Validate regular expressions if specified in add_graphs.php
- issue: Ensure compression levels are consistent when importing package
* Tue Feb 06 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.34
issue#1040: PHP version 7.2 - ERROR PHP WARNING: sizeof()
issue#1195: Improved Javascript error message handling
issue#1245: Unable to reorder graph name suggested values
issue#1256: Error reporting of custom errors not displayed correctly
issue#1257: Boost excessively logging updates
issue#1258: cacti.sql updated to match expected schema
issue#1260: Tab images fail to render due to TrueType support in PHP GD Module
issue#1261: Automatic logout timeout does not apply to web basic authenication
issue#1263: CLI utility to validate database schema
issue#1266: Inconsistent usage graphWrapper CSS causes odd graph zoom behavior
issue#1268: Regex filters not working properly
issue#1274: Host CPU script checks value existance to avoid error
issue#1275: SNMP v3 authPriv fails to work
issue#1287: JSON calls return validation error in HTML format
issue#1289: Script Server should output parameter array rather than parameters
issue#1292: Chrome to aggressively caches Javascript files
issue#1293: Correctly identify if command 'snmpbulkwalk' is available
issue#1296: CactiErrorHandler does not ignore PHP suppressed errors
issue#1300: Automation discovery : New devices added by automation discovery
have empty SNMP community field
issue#1302: Automatic logout should not be enforced on login page
issue#1304: mib_cache.php file contains unsafe transactions for binary logging
feature: CLI utilily to generate and verify file hashes for installed Cacti
files
feature: Logging links back to appropriate areas for troubleshooting
feature: Logging lists filenames in reverse order
* Tue Jan 23 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.33
- issue#1253: Automatically generated RRDtool DEF names in Cacti
1.1.32 break existing Graph Templates
* Mon Jan 22 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.32
- issue#969: Undefined index: color_id / task_item when viewing graphs
- issue#1166: Fix typo of 'locale' in global_languages.php
- issue#1222: Graphs with large number of items causes RRDTool to error
- issue#1230: PHP Fatal error: Call to undefined function
get_max_tree_sequence()
- issue#1238: SNMP functions fail to handle "Invalid object identifier"
error
- issue#1239: Browser console error in layout.js
- issue#1240: Page layout issues caused by library update
- issue#1246: Make SNMP Error return more info
- issue: Missing or corrupted theme files can corrupt user settings
- issue: Theme may not change until next login
- issue: Tree edit Tree/Device/Graph drag areas incorrect
- issue: Make callback error handling compatible with jQuery 3.x
- issue: Ensure the snmp_error is cleared before every call
- issue: Indicate unknown error when RRDTool returns no error message
- feature: Update Javascript library: js.storage.js, d3.js, jquery.js,
jquery.tablednd.js, jquery.timepicker.js
* Wed Jan 17 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.31
- issue#629: Site reload after delete the last letter in the searchbar
- issue#1022: Discovery network stuck in "running" state does not
return results
- issue#1164: Version compare function fails on major/minor only
versions
- issue#1166: Invalid New User default language selection
- issue#1175: Automatic logout inconsistent redirect
- issue#1179: Warn during installation if installing moving to older
version
- issue#1183: Automatically detect missing Theme and use alternate
- issue#1185: Layout with Graphs having large number of data columns
- issue#1189: Allow ability to sort tree list by name asc/desc
- issue#1190: Enabling, Disabling, Uninstalling plugin, you should
page refresh
- issue#1191: Tree sequences were not set or checked
- issue#1197: Add more collection intervals to Data Source Profiles
- issue#1206: Display issue with internationalization number format
- issue#1210: CDEF and VDEF Items can not be properly edited
- issue#1212: Navigation breadcrumbs fail to handle External links
correctly
- issue#1213: PHPMailer trying TLS despite SMTPSecure setting
- issue#1215: Show version when installation prompts for license
- issue#1217: Add ability to view/edit Input/Query when editing
Data Template
- issue: Named colors fail to import on install or upgrade
- issue: Drag and Drop issues on multiple pages could corrupt
sequencing
- feature: Enhance filter to permit more glyphs for table headers
- feature: Add a page refresh dropdown to the Automation Networks
- feature: Enhanced SNMP v3 input forms
- feature: Allow Trees to be rearranged using Drag and Drop
- feature: Trap GUI callback errors and present error message
* Thu Jan 04 2018 liedke@rz.uni-mannheim.de
- Build version 1.1.30
- issue#1155: Non-secure mail setting not functional due to changes
in phpmailer
- issue#1157: Resolve issue with branch permission api
- issue#1158: Change CLOG to use regex replacement so line details
are not mangled
- issue#1161: Graph View regex's are not preserved during automatic
page refresh
- issue#1162: Error messages are not display when editing a user
- issue#1166: Default language was not correctly set when editing a
user
- issue: basename function undefined during upgrade to 1.0.x
- issue: Storage API and translations required for Change password
function
- issue: ALTER IGNORE still throws an error when attempting to drop
the primary key
- issue: Data Source profile form API generates error when system is
half upgraded
- issue: Resolve issue with importing packages
- feature: Update package versions for Cacti version 1.1.29
* Wed Dec 27 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.29
- issue#871: Allow Nth Percentile and Bandwidth Summation to respect
'Base Value' in template
- issue#965: Duplicate error message and incorrect error code when
using LDAP authentication
- issue#1084: Graph Tree Branch not properly populating when editing
report item
- issue#1104: Datetime formatting in developer debug mode incorrect
- issue#1106: Template Filters has empty row
- issue#1109: URL used in redirection when referrer already has
parameters in it
- issue#1110: Add CPU Total to 'SNMP - Get Processor Information'
- issue#1111: PHP NOTICE when using LDAP authenication
- issue#1116: Filters not allowing "None" or "All" when editing
report item
- issue#1119: Reduced amount of data fetched for CPU usage to just
the data used
- issue#1121: Bandwidth summation not using correct locale
- issue#1122: Fix issue with local login / potential password problems
- issue#1128: Resolve php warning when raising messages
- issue#1130: Fix logging level issue where logs of same level as setting
where not logged
- issue#1131: Make upgrade_database.php use same version compare as
/install/ system
- issue#1133: Fix issues with variable name and debug log
- issue#1141: When viewing graphs from list view, pagination causes list
view filter to be cleared
- issue#1143: ss_host_cpu.php - Division by zero / Invalid Return Value
- issue#1146: Installation now checks URI path matchs with configuration
option URL_PATH
- issue: Updated Graph pagenation and filter reset
- issue: Resolve issues with cacti_version_compare() processing
- issue: Zoom context menu stays open after zoom out actions
- issue: Paginator object was not always translated
* Mon Nov 20 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.28
- issue#958: User Group Tree permissions not calculated fully
- issue#959: Issue viewing email reports due to email client
decoding problems
- issue#992: RRDfile naming issues that result from random sorting
during export
- issue#1012: Issue where disabled devices will not appear in
Tree editor
- issue#1044: Handle invalid exclusion regex properly when viewing
the log
- issue#1045: Issue with multiple pages and confirmation dialogs
- issue#1048: Problem importing vdefs from templates
- issue#1053: Remote Data Collector now works with https and self
signed certificates
- issue#1055: Errors in data source statistics inserts when invalid
output is encountered
- issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool
functions boo#1067166
- issue#1058: ICMP Ping to and IPv6 address fails to gather data for
ping latency
- issue#1059: Aggregate item filter should use regular expressions to
avoid SQL errors due to flawed filter logic
- issue#1064: When a Device Template is removed, Automation Templates
for that Device Template remain
- issue#1066: CVE-2017-16660 in remote_agent.php logging function
boo#1067164
- issue#1066: CVE-2017-16661 in view log file boo#1067163
- issue#1071: CVE-2017-16785 in global_session.php Reflection XSS
boo#1068028
- issue#1074: Boost records get stuck in archive
- issue#1079: Undefined index in lib/snmpagent.php
- issue#1085: Undefined function html_log_input_error
- issue#1086: Rerun data queries in automation process has no effect
- issue#1087: cli/add_device.php --proxy option does not work with non-snmp
devices
- issue#1088: Set timeout for remote data collector context
- issue: Minor performance increase in boost processing
- issue: Poller output not empty not processed correctly on Log tab
- feature: Timeout to the remote agent for realtime graphs
- feature: Updated Dutch translations
- feature: Database update adding additional indexes for increased
performance
- feature: Updated PHPMailer to version 5.2.26
- feature: Updated phpseclib to version 2.0.7
* Mon Oct 23 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.27
- issue#1033: Issues inserting into dsstats table due to legacy data
- issue#1039: Using html_escape still double escapes. Use strip_tags
instead
- issue#1040: Resolving compatibility issue with PHP7.2
* Mon Oct 16 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.26
- issue#841: --input-fields variable not working with add_graphs.php
cli
- issue#986: Resolve minor appearance problem on Modern theme
- issue#989: Resolve issue with data input method commands loosing
spaces on import
- issue#1000: add_graphs.php not recognizing input fields
- issue#1003: Reversing resolution to Issue#995 due to adverse impact
to polling times
- issue#1008: Remove developer debug warning about thumbnail validation
- issue#1009: Resolving minor issue with cmd_realtime.php and a changing
hostname
- issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS)
- issue#1027: Confirm that the PHP date.timezone setting is properly set
during install
- issue: Fixed database session handling for PHP 7.1
- issue: Fixed some missing i18n
- issue: Fixed typo's
- feature: Updated Dutch translations
- feature: Schema changes; Examined queries without key usage and
added/changed some keys
- feature: Some small improvements
- Build version 1.1.25
- issue#966: Email still using SMTP security even though set to none
- issue#995: Redirecting exec_background() to dev null breaks some
functions
- issue#998: Allow removal of external data template and prevent their
creation
- issue: Remove spikes uses wrong variance value from WebGUI
- issue: Changing filters on log page does not reset to first page
- issue: Allow manual creation of external data sources once again
- feature: Updated Dutch translations
* Mon Sep 18 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.24
- issue#932: Zoom positioning breaks when you scroll the graph page
- issue#970: Remote Data Collector Cache Synchronization missing
plugin sub-directories
- issue#980: Resolve issue where a new tree branches refreshs before
you have a chance to name it
- issue#982: Data Source Profile size information not showing properly
- issue: Long sysDescriptions on automation page cause columns to
be hidden
- issue: Resolve visual issues in Classic theme
- feature: Allow Resynchronization of Poller Resource Cache
* Tue Sep 12 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.23
issue#963: SQL Errors with snmpagent and MariaDB 10.2
issue#964: SQL Mode optimization failing in 1.1.22
- Build version 1.1.22
issue#950: Automation - New graph rule looses name on change
issue#952: CSV Export not rendering chinese characters correctly
(Second attempt)
issue#955: Validation error trying to view graph debug syntax
issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO
corrupts Cacti database
issue: When creating a data source, the data source profile does
not default to the system default
feature: Enhance table filters to support new Cycle plugin
feature: Updated Dutch Translations
* Tue Sep 05 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.21
issue#938: Problems upgrading to 1.1.20 with one table alter
statement
issue#952: CSV Export not rendering chinese characters correctly
issue: Minor alignment issue on tables
- Build version 1.1.20
issue#920: Issue with scrollbars after update to 1.1.19 related
to #902
issue#921: Tree Mode no longer expands to accomodate full tree
item names
issue#922: When using LDAP domains some setings are not passed
correctly to the Cacti LDAP library
issue#923: Warninga in cacti.log are displayed incorrectly
issue#926: Update Utilities page to provide more information on
rebuilding poller cache
issue#927: Minor schema change to support XtraDB Cluster
issue#929: Overlapping frames on certain themes
issue#931: Aggregate graphs missing from list view
issue#933: Aggregate graphs page counter off
issue#935: Support utf8 printable in data query inserts
issue#936: TimeZone query failure undefined function
issue: Taking actions on users does not use callbacks
issue: Undefined constant in lib/snmp.php on RHEL7
issue: Human readable socket errno's not defined
issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still
not work till php 5.5.4
* Mon Aug 21 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.19
issue#810: Scripts in packages don't match distribution
issue#919: Unable to upgrade to 1.1.18
issue: Update documentation for minimum PHP 5.4
- Build version 1.1.18
issue#902: Correcting some issues with Console and External Links
issue#903: Upgrade pace.js to v0.7.8
issue#904: Allow user to hide Graphs from disabled Devices
issue#906: Create a separate Realm for Realtime Graphs
issue#907: XSS issue in spikekill.php
CVE-2017-12927 bsc#1054390
issue#910: Boost last run duration generates an error on new install
issue#914: Unable to purge Cacti logfile from System Utilities
issue#915: Non-numeric data in ss_host_disk.php
issue#916: Resolve display of errors when encountering ldap issues
issue#918: Minor XSS and create generalized escape function
CVE-2017-12978 bsc#1054742
issue: Resolve JavaScript errors on Login page
issue: Resolve JavaScript errors on Permission Denied pages
issue: Graphs tab would appear in non-classic even if you did not
have permissions
feature: Updated dutch translations
* Tue Aug 15 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.17
issue#450: List View to Preview shows no results
issue#486: Export Device table results to CSV
issue#544: Allow Log Rotation to be other than Daily
issue#673: Downtime/Recovery time/date is set incorrectly
issue#819: Customized timespans for graphs
issue#888: Rebuilding Poller Cache when External data sources are
present results in false positive warnings in the log
issue#891: Database.php unable to connect to MySQL when using port
different than 3306
issue#893: Warning messages when duplicating CDEF objects
issue#897: Due to browser use of special key, deprecate ctrl-shift-x
for clearing filter
issue#898: Issue with tcp and udp ping due to file description
allocation changes
issue: Unable use ipv6 ip addresses for snmp ping in the Cacti GUI
issue: Update language of the Rebuild Poller Cache menu pick
issue: Broken design for input controls with Sunrise theme
issue: Timespan switching not switching to Custom in Preview Mode
issue: Log rotation would not occur under certain conditions.
Provide more control over log functions
issue: Purge log file always purged the cacti.log, not the selected
log
issue: Unable to view graphs for errored data sources from Cacti log
* Tue Aug 01 2017 liedke@rz.uni-mannheim.de
- Build version 1.1.16
issue#865: Escape Data Query arguments to prevent issues with
special characters
issue#872: Can't add device items to graphs generated with no
device and no template
issue#875: When modifying Realm permissions, realms that are
listed multiple times don't stay in sync
issue#877: Improving resolution to issue#847 and one additional
vulnerability
CVE-2017-12065 bsc#1051633
issue#878: Ambiguous language in purge log function
issue#879: SQL Error when adding a report item to a report
issue#880: Device drop down is limited to 20 devices and lacks
a scroll bar
issue#885: Graph generated with no device and no graph template
forgets device definitions
issue#886: Unable to export templates other than Device templates
issue: Address additional corner cases around get_order_string usage
issue: Data Queries sharing a Data Source can result in poller
output table not empty errors
issue: Fix Sunrise theme to properly theme multiselect widgets
issue: Increase height of multiselects so that more options are
visible
issue: When a graph is locked, anchor tags are still functional