Changelog for cacti-1.2.18-139.24.noarch.rpm :

* Sat Jul 10 2021 Andreas Stieger - cacti 1.2.18:
* CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188)
* Real time graphs can expose XSS issue
* Wed May 05 2021 Andreas Stieger - cacti 1.2.17:
* Fix incorrect handling of fields led to potential XSS issues
* CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)
* Fix various XSS issues with HTML Forms handling
* Fix handling of Daylight Saving Time changes
* Multiple fixes and extensions to plugins
* Fix multiple display, export, and input validation issues
* SNMPv3 Password field was not correctly limited
* Improved regular expression handling for search
* Improved support for RRDproxy
* Improved behavior on large systems
* MariaDB/MySQL: Support persistent connections and improve multiple operations and options
* Add Theme 'Midwinter'
* Modify automation to test for data before creating graphs
* Add hooks for plugins to show customize graph source and customize template url
* Allow CSRF security key to be refreshed at command line
* Allow remote pollers statistics to be cleared
* Allow user to be automatically logged out after admin defined period
* When replicating, ensure Cacti can detect and verify replica servers
* Fri Dec 18 2020 Andreas Stieger - fix httpd startup errors due to mismatched configuration directives boo#1175314
* Thu Dec 03 2020 Paolo Stivanin - cacti 1.2.16:
* When generating a report, the Cascade to Branches function does not work as expected
* When viewing graphs, automatic refresh does not always work as expected
* Realtime graph pop up counter bug
* Undefined variable errors may occur when creating a new datasource
* The cli-based installer does not exit with a non-zero exit code when error occurs
* When an export is complete, sometimes the progress bar remains
* When enabling many devices, a threshold can be reached causing a slowdown in the process
* When performing actions against Devices, replicated device information could sometimes be lost
* When using API to rename a tree node, backtrace may be incorrectly shown
* When searching, valid pages can sometimes be shown as empty by ddb4github
* When exporting data from graphs, not all data was properly included
* Graph Templates filter is not updated after new graph created by ddb4github
* Username and password on the login page is not visible in Classic theme
* Improve wording of concurrent process and thread settings
* Location filter should remove blank entries by ddb4github
* When syncing data collectors, a reindex event may be triggered unnecessarily
* Automation Networks allows discovery of invalid IP addresses
* When changing permissions of the current user, they don't take effect immediately
* When reindexing a device, an incorrect page was sometimes displayed
* When repairing database, audit_database.php does not add missing columns
* Log page should not be empty if no log info exists
* During upgrade, there are times when realms can be duplicated leading to SQL errors
* When using ping.php, UDP response times are not interpreted properly by hypnotoad
* Improve warning you get when attempting to view a log file you don't have access to
* When replicating files, scripts are not marked as executable
* When creating plugin tables, collation is not set properly
* Update c3.js to version 0.7.20
* Update Chart.js to version 2.9.4
* Update phpseclib to version 2.0.29
* Update PHPMailer to version 6.1.8
* Use LSB shebang notation for cli scripts
* Add support for cactid daemon based launcher
* Add ability to hide the Graph Drilldown icons by datatecuk
* Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
* Wed Nov 11 2020 Andreas Stieger - cacti 1.2.15, fixing the following bugs:
* When editing Maximum OIDs Per Get Request, blank value can cause errors
* Boost may run more often than it should
* Recache Event Loop can cause Interface Graphs to show gaps
* When searching Graph Trees, non matching devices remain visible
* Page validation errors may occur when opening real time graphs
* External Links do not always open if they are still open from previous usage
* Cultural changes to various word usage
* Replicate deleted device status instead of poller sync
* Description field allows more characters entered than is stored
* When installing or upgrading, LDAP functions may not always be included properly
* Unable to remove discovered device
* When installing or upgrading, PHP recommendations may not always return a valid value
* Graph Templates has duplicate SQL delete statement
* When syncing to remote poller, missing function errors may occur
* When removing devices from remote pollers, devices may reappear without details
* When removing devices, array errors may sometimes be recorded
* Variable injection does not always work as expected
* Editing Data Queries with multiple data templates can give errors about Suggested values
* Progress bar does not provide enough visual information during long page loads
* Some themes do not allow for a way to see which user is currently signed in
* When viewing tables, allow users to force all columns to be visible
* Column sizing is being lost between pages refreshes
* When viewing input methods table, no ID is shown to help identify which method is being viewed
* Filters do not always respect using keyboard to initiate searching
* When exporting a data query, an invalid column name error can sometimes be shown
* When checking if a view is allowed, having no session can result in errors
* When removing devices via the CLI, undefined variable errors may be seen
* Real Time Graphs may cause invalid index errors
* On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
* Plugin setup can generate errors when reading options via system function
* Plugin version numbers can be unexpectedly truncated
* When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
* When removing multiple items, selection process does not always work
* When exporting colors, the indicator is not always removed upon completion
* Unable to pass tree and leaf ID to 'graph_button' hook
* When performing maintenance, various errors may sometimes be seen
* When Guest User setting is active, current user is not always properly set
* When installing Cacti, minor errors in text can be seen
* Numbers are not always formatted properly when there are no decimal places
* When viewing Real Time Graphs, an undefined index error may be recorded
* Minor memory leaks and refresh issues when zooming on graphs
* Real Time Graphs may sometimes fail due to folder permissions
* Navigation can sometimes occur unexpectedly due to background timers
* Trees management screen not reporting correct number of trees
* Tree sequences can sometimes skip numbers during resorting
* Guest user selection should not allow setting the currently logged in user
* Links in Table Headers do not show clearly when in modern theme
* Under some cases tree logic leads to undefined index errors
* Cacti Data Debug can show errors if the Data Source is damaged or has been removed
* When importing a data query, an invalid column name error can sometimes be shown
* When using shift functions on graphs, negative values are not allowed
* Correct issue when file is unreadable reporting no file was specified
* Orphaned Plugins have no option to be removed
* Update MySQL recommendations for Character Set and Collation
* Correct sorting of IP addresses to be numeric not alpha by JamesTilt
* Saving a device should not always repopulate the poller cache
* Mon Aug 03 2020 Andreas Stieger - cacti 1.2.14:
* Poller keeps using old IP address for a device
* poller bug fixes and various display fixes
* Fix XSS vulnerability due to improper escaping of error message during template import preview (boo#1174850, CVE-2020-25706)
* Tue Jul 14 2020 Andreas Stieger - cacti 1.2.13:
* jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
* Lack of escaping on some pages can lead to XSS exposure
* Update PHPMailer to 6.1.6 (CVE-2020-13625)
* SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090)
* Lack of escaping on template import can lead to XSS exposure
* Mon May 11 2020 Lars Vogdt - switch from cron to systemd timers (boo#1115436):
  + cacti-cron.timer
  + cacti-cron.service
* introduce rpmlintrc for obvious false positives from rpmlint
  + cacti-rpmlintrc
* use fdupes to reduce amount of needed/wasted space
* re-introduce RPM Group to avoid huge rpmlint complaints on 15.1
* remove .gitignore and .gitattributes files (not needed)
* avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation
* rewrote apache configuration to get rid of .htaccess files and explicitly disable directory permissions per default (only allow a limited, well-known set of directories)
* Thu May 07 2020 Andreas Stieger - cacti 1.2.12:
* CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure (boo#1163749)
* Fix multiple graphing bugs and web UI issues
* Fix multiple warnings, PHP Exceptions and errors
* Content-Security-Policy prevents External Links from being opened
* Prevent runtime memory issues by increasing memory limit
* Improve SNMPv3 handling
* Sat Apr 11 2020 Andreas Stieger - cacti 1.2.11:
* security fixes and hardening (boo#1169215)
  + Add SameSite support for cookies
  + Cookie should be properly verified against password
  + CSRF at Admin Email
  + Improper Access Control on disabling a user
  + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
* a number of bug fixes
* feature additions
  + Allow system uptime to be a variable for use with graphs
  + Add Refresh Interval to Data Collectors display
  + Add Location based filtering
  + Allow for Purging of Data Source Statistics from the GUI
  + Restore ability to duplicate a data profile
  + Enhance table navigation bars to support systems with larger number of items
  + Increase length of Graph Item 'value' field to support pango-markup better
  + Allow Basic Auth Accounts to be mapped by CSV file
  + Make form elements under checkbox_groups flow using flex grid style
  + Set the domain attribute to secure cookies for the 'remember me' option
  + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 Paolo Stivanin - cacti 1.2.10:
* CVE-2020-8813: when guest users have access to realtime graphs, remote code could be executed (boo#1164675)
* When using User Domains, global template user is used instead of the configured domain template user
* Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
* many bug fixes
* Sat Feb 15 2020 Andreas Stieger - cacti 1.2.9:
* CVE-2020-7106: Lack of escaping on some pages could lead to XSS exposure (boo#1161297)
* CVE-2020-7237: Remote Code Execution due to input validation failure in Performance Boost Debug Log (boo#1161297)
* many bug fixes
* Sun Feb 02 2020 Andreas Stieger - cacti 1.2.8:
* CVE-2019-17357: When viewing graphs, some input variables were not properly checked (SQL injection possible) [boo#1158990]
* CVE-2019-17358: Unsafe deserialisation of data [boo#1158992]
* When using HTTPS, secure cookie to prevent potential weakness
* various bug fixes
* Thu Oct 17 2019 Richard Brown - Remove obsolete Groups tag (fate#326485)
* Mon Sep 30 2019 David Liedke - Build version 1.2.7
* security#2964: CVE-2019-16723 Security issue allows to view all graphs
* issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
* issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values
* issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
* issue#2899: When displaying a form, variable substitution may not always work as expected
* issue#2922: When running a data query, the result may come back as undefined
* issue#2925: When using consolidation functions, retrieving the first step can cause errors
* issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
* issue#2929: Boost performance may become poor even in single server mode
* issue#2930: RRDtool can generate errors to standard output which can corrupt images
* issue#2932: When RRDTool generates an error creating an image, it is not always reported properly
* issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
* issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
* issue#2940: Images are not always properly sized until the page size changes
* issue#2949: Order icons may not be properly aligned
* issue#2951: Allow legends to be modified for Aggregate Graphs
* issue#2958: Drop down autocomplete lists do not always open as expected
* issue#2961: When syncing device templates, undefined function may be raised
* issue#2963: When running ss_cpoller script, avgTime incorrectly returns maxTime
* issue#2966: Realtime popup windows do not always honor settings
* issue#2967: When using Spikekill, gap and range fill are not operating as expected
* issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
* issue#2973: User menu does not always display properly on mobile devices
* issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
* issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
* issue#2976: Boost messages should be stored in their own log file
* issue#2977: Data updates with past timestamps can cause boost errors
* issue#2978: Moving hosts between data collectors is slow
* issue#2979: Multi Output Fields are not parsed correctly
* issue#2984: When checking SQL fields, value was not always primed
* issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
* feature#2943: Allow all Data Queries of a device to be re-indexed at once
* feature#2952: If device is down or threshold breached, highlight in tree view
* feature#2985: Update phpseclib to 2.0.23
* Mon Sep 02 2019 David Liedke - Build version 1.2.6
* issue#2794: Graph template not saved on graph edit
* issue#2825: "innodb_doublewrite = off" possibly dangerous recommendation
* issue#2829: PHP recommendations always see memory limit as unlimited
* issue#2830: Disabled Top/Bottom external links should not be displayed
* issue#2832: Install/Upgrade log does not show anything
* issue#2833: Undefined index can occur when data source does not have an snmp_index
* issue#2834: Boost performance drops on very large systems
* issue#2835: When creating graphs an inefficient query is causing long creation times
* issue#2837: Sunrise theme does not render checkboxes 100% correctly
* issue#2838: jQueryMultiselect does not match upstream due to forking
* issue#2839: Non regular expression search filters don't support international characters
* issue#2841: Total count is wrong after searching for External Link pages
* issue#2843: DSStats reruns Daily Aggregation every minute
* issue#2844: Autocomplete settings for passwords are not properly defined
* issue#2845: Data Template can't be edited when it is in use
* issue#2846: Allow tooltips for section headers with 'question' icon
* issue#2847: Permanently convert an Aggregate to a regular graph
* issue#2848: Aggregate graphs get clipped due to incorrect date range
* issue#2856: Aggregate issues with very long RRDtool command lines
* issue#2857: When trying to find the best index to use, a 'must implement Countable' warning appears
* issue#2860: When testing remote poller connections during install, undefined variable warning can occur
* issue#2862: Automation does not calculate network information correctly for single hosts
* issue#2866: Add poller ID to subject for admin notifications
* issue#2869: When creating aggregates from Graphs, JavaScript issues can occur
* issue#2872: Add support for MySQL 8 and use of grouping as name for a column
* issue#2875: Undefined variable when removing spikes in some cases
* issue#2877: When attempting to send report, undefined function 'get_tinespan' messages appear
* issue#2878: Function get_magic_quotes_gpc() is now deprecated in PHP 7.4
* issue#2879: Switching from authPriv to authNoPriv produces error when saving
* issue#2884: Replication continues to occur when poller has been disabled by sysres-dev
* issue#2891: Script server script ss_fping.php generates error when not called by script server
* issue#2895: Percentile calculation is incorrect on Graphs with multiple Data Sources from different RRDs
* issue#2901: Poller overrun warning message is badly worded
* issue#2902: Mailer incorrectly reports it is sending to no one
* issue#2903: PHP recommendations can generate a warning causing JSON issues
* issue#2905: Sorting plugins by version can lead to unexpected ordering
* issue#2907: SSL column for multiple pollers can be incorrectly set causing SQL errors
* issue#2908: When URL_PATH is blank, it should assume that it is '/'
* issue#2909: Correct usage of affect vs effect in strings
* issue#2910: Can not show user menu when in portrait mode on mobile devices
* issue#2911: Graph variables are not always encoded to JSON properly resulting in warnings
* issue#2912: Navigation cache can sometimes be corrupted resulting in a non-array value
* issue#2913: When adding new graphs, the type of graph is not remembered
* issue#2917: Action icons next to graphs can sometimes become unselectable due to zoom
* issue#2919: When refreshing menu, selected items are sometimes lost and submenu items can become hidden
* Tue Aug 20 2019 kukuk@suse.de - BuildRequire cron as this contains now the cron directories
* Tue Jul 16 2019 David Liedke - Build version 1.2.5
* issue#1978: Popup Menus can appear off screen when using Graph Thumbnails
* issue#2282: Installation wizard does not detect RRDtool version correctly
* issue#2524: When editing a tree, Drag and Drop of Devices does not always work as expected
* issue#2573: Associated Graph Template for Data Query can sometimes disappear
* issue#2656: GPRINT text_format does not replace Data Query and Host Fields
* issue#2661: Automation does not always calculate network range/subnet correctly
* issue#2663: Some legacy Data Queries can not determine their index order causing broken graphs
* issue#2674: Large strings can sometimes cause language translation to fail
* issue#2719: Automation may sometimes create empty graphs
* issue#2721: When replacing '|input_xxxx|' strings, undefined index can occur
* issue#2722: Calls to _db_replace() are not consistent resulting in warnings
* issue#2723: When replicating to remote pollers, Undefined Variable errors may be seen
* issue#2724: When graphing HRULE items, 'Only Variables should be passed by reference' error may be seen
* issue#2725: When viewing logs in utilities, filenames should be limited the same as clog
* issue#2726: During Automation logging, include the Rule ID that triggers the creation of an item by xmacan
* issue#2732: When using basic authentication, automatically strip any @domain information
* issue#2734: Allow non-english labels to be used on Graph Templates
* issue#2727: When using Polling Hosts Template, warnings can be issued when CMD.PHP is the poller
* issue#2733: When processing SNMP data, space delimited hex strings do not always convert into MAC addresses
* issue#2735: Mouse cursor should show as default pointer if column is not sortable
* issue#2736: When using MySQL 8 or above, 'function' is considered a reserved word unless quoted by xmacan
* issue#2741: Various errors can occur due to undefined or incorrect variable names
* issue#2742: Various errors can occur due to undefined or incorrect variable names
* issue#2743: Attempts to close a tooltip when no tooltip has been set may cause errors
* issue#2744: When changing password, undefined index error can occur if user is not logged in
* issue#2748: If PHP location setting is invalid during install/upgrade, this should be notified on modules page
* issue#2750: When performing multiple sort, highlighting of content occurs
* issue#2751: When editing a Tree, display filter may not allow 'All' option to work
* issue#2752: When running verbose query on device, you are unable to copy text from items
* issue#2753: Unable to copy entire verbose query using clipboard command
* issue#2757: Page Navigation can be subject to XSS injection
* issue#2758: Various sensitive directories are browsable if web server directory browsing is enabled
* issue#2760: Unable to add items into a report
* issue#2762: Creating an aggregate graph can sometimes fail due to unknown RRD tools error
* issue#2766: When modifying Aggregate Templates, changes are not always cascaded to Graph
* issue#2768: Aggregate Graphs may sometimes show the wrong row count
* issue#2770: ItemType is not updated when saving Report Items
* issue#2772: Add tooltip support to html_header() and html_header_checkbox()
* issue#2775: Remote pollers may sometimes fail to replicate data back to main system
* issue#2777: Attempting to edit a non-existent report generates an error
* issue#2778: When rendering graphs, resizing can sometimes occur repeatedly
* issue#2779: On new installations, automation rules for Interface Graphs are broken
* issue#2780: Upgrade database script not actually upgrading Cacti
* issue#2782: When replicating the syslog plugin, the configuration file is ignored causing errors
* issue#2783: When limiting the number of displayed characters, international characters may sometimes display incorrectly
* issue#2784: When removing a device with graphs but no data sources, errors are generated
* issue#2785: When editing a graph rule, warnings incorrectly appear about unsaved changes
* issue#2792: When a checkbox 'friendly name' has a comma, checkbox functionality stops working
* issue#2797: When upgrading from before 1.x, SuperLinks view permissions may not be correct
* issue#2799: Under heavy use of Real Time Graphs, SQL errors may start appearing
* issue#2800: When editing a tree, using a comma in the search field stops search from working
* issue#2802: If a Device lacks ifName, an alternative field is not always found even if available
* issue#2807: When editing a Data Template that has dependent graphs, some attributes should not be modifiable
* issue#2808: When navigating a tree, the layout may unexpectedly move
* issue#2814: When viewing the utilities page, HTML tags may be seen rather than rendered
* issue#2816: When viewing logs, paging does not always work correctly
* issue#2818: Automation can sometimes incorrectly add duplicate devices with the same sysname
* issue#2820: When path is blank, is_resource_writable() will generate 'Uninitialized string offset: -1'
* issue#2821: When the desired locale can not be located, a number format issue may occur
* feature#2728: Update phpseclib to 2.0.17 by DavidLiedke
* feature#2809: Update c3.js & d3.js by DavidLiedke
* feature#2730: Update jstree.js to 3.3.8 by DavidLiedke
* feature#2754: Allow Devices, Graphs and Data Sources to be searched by ID
* feature#2765: When editing a tree, allow cascading selection of available graphics
* feature#2805: Merged plugins are not always upgraded correctly
* feature#2823: Enhance the splice_rrd.php to be able to merge RRDfiles of differing step
 