Cacti v1.2.7 Release Notes
Release Date: 2019-09-29 // over 4 years ago-
๐ Release of Cacti 1.2.7
๐ Thank you everyone who are using Cacti and especially those helping to make Cacti better!
For additional details check out the README located on GitHub.
IMPORTANT: Security issue #2964 (CVE-2019-16723) was found and fixed that allowed unrestricted access to graphs via the https://cacti/graphs_json.php url. Whilst this page did check that a valid user was logged in, any user would be able to access any graph regardless of any defined permissions.
Contribute
๐ Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
๐ Change Log
- ๐ security#2964: CVE-2019-16723 Security issue allows to view all graphs
- โฑ issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
- issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values
- issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
- issue#2899: When displaying a form, variable substitution may not always work as expected
- issue#2922: When running a data query, the result may come back as undefined
- issue#2925: When using consolidation functions, retrieving the first step can cause errors
- issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
- ๐ issue#2929: Boost performance may become poor even in single server mode
- issue#2930: RRDtool can generate errors to standard output which can corrupt images
- issue#2932: When RRDTool generates an error creating an image, it is not always reportedly properly
- issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
- โฌ๏ธ issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
- issue#2940: Images are not always properly sized until the page size changes
- issue#2949: Order icons may not be properly aligned
- issue#2951: Allow legends to be modified for Aggregate Graphs
- issue#2958: Drop down autocomplete lists do not always open as expected
- ๐ issue#2961: When syncing device templates, undefined function may be raised
- issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
- ๐ issue#2966: Realtime popup windows do not always honor settings
- issue#2967: When using Spikekill, gap and range fill are not operating as expected
- issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
- issue#2973: User menu does not always display properly on mobile devices
- issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
- issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
- ๐ฒ issue#2976: Boost messages should be stored in their own log file
- โก๏ธ issue#2977: Data updates with past timestamps can cause boost errors
- issue#2978: Moving hosts between data collectors is slow
- ๐ issue#2979: Multi Output Fields are not parsed correctly
- issue#2984: When checking SQL fields, value was not always primed
- issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
- ๐ feature#2943: Allow all Data Queries of a device to be re-indexed at once
- ๐ feature#2952: If device is down or threshold breached, highlight in tree view
- ๐ feature#2985: Update phpseclib to 2.0.23