ยซ Changelog History


Cacti v1.2.7 Release Notes

Release Date: 2019-09-29 // over 4 years ago

  • ๐Ÿš€ Release of Cacti 1.2.7

    ๐Ÿ‘ Thank you everyone who are using Cacti and especially those helping to make Cacti better!

    For additional details check out the README located on GitHub.

    IMPORTANT: Security issue #2964 (CVE-2019-16723) was found and fixed that allowed unrestricted access to graphs via the https://cacti/graphs_json.php url. Whilst this page did check that a valid user was logged in, any user would be able to access any graph regardless of any defined permissions.

    Contribute

    ๐Ÿ‘ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

    ๐Ÿ”„ Change Log

    • ๐Ÿ”’ security#2964: CVE-2019-16723 Security issue allows to view all graphs
    • โฑ issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
    • issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values
    • issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
    • issue#2899: When displaying a form, variable substitution may not always work as expected
    • issue#2922: When running a data query, the result may come back as undefined
    • issue#2925: When using consolidation functions, retrieving the first step can cause errors
    • issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
    • ๐ŸŽ issue#2929: Boost performance may become poor even in single server mode
    • issue#2930: RRDtool can generate errors to standard output which can corrupt images
    • issue#2932: When RRDTool generates an error creating an image, it is not always reportedly properly
    • issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
    • โฌ†๏ธ issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
    • issue#2940: Images are not always properly sized until the page size changes
    • issue#2949: Order icons may not be properly aligned
    • issue#2951: Allow legends to be modified for Aggregate Graphs
    • issue#2958: Drop down autocomplete lists do not always open as expected
    • ๐Ÿ”€ issue#2961: When syncing device templates, undefined function may be raised
    • issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
    • ๐Ÿ issue#2966: Realtime popup windows do not always honor settings
    • issue#2967: When using Spikekill, gap and range fill are not operating as expected
    • issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
    • issue#2973: User menu does not always display properly on mobile devices
    • issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
    • issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
    • ๐ŸŒฒ issue#2976: Boost messages should be stored in their own log file
    • โšก๏ธ issue#2977: Data updates with past timestamps can cause boost errors
    • issue#2978: Moving hosts between data collectors is slow
    • ๐Ÿ“œ issue#2979: Multi Output Fields are not parsed correctly
    • issue#2984: When checking SQL fields, value was not always primed
    • issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
    • ๐Ÿ”‹ feature#2943: Allow all Data Queries of a device to be re-indexed at once
    • ๐Ÿ”‹ feature#2952: If device is down or threshold breached, highlight in tree view
    • ๐Ÿ”‹ feature#2985: Update phpseclib to 2.0.23