Changelog for cacti-1.2.24-151.4.noarch.rpm:

* Mon Feb 27 2023 Andreas Stieger - cacti 1.2.24
* Fix: Unable to import Local Linux Machine template
* Fix multiple charting and display issues
* Compatibility changes for SNMP under PHP 8.2, and other PHP compatibility updates
* Fix multiple issues editing settings
* timeout fixes for Basic Auth
* multiple data poller bug fixes
* Mon Jan 02 2023 Andreas Stieger - cacti 1.2.23, providing security fixes, feature improvements and bug fixes:
* CVE-2022-46169: Unauthenticated Command Injection in Remote Agent (boo#1206185)
* Security: Add .htaccess file to scripts folder
* When using Single Sign-on Frameworks, revocation was not always detected in callbacks
* Fixes to the installer, and compatibility with PHP and MySQL
* Performance improvements for certain conditions
* Various UI fixes
* Bug fixes related to SNMP, RRDtools, and agents
* Sun Oct 02 2022 Andreas Stieger - cacti 1.2.22, providing one security fix, a number of bug fixes and a collection of improvements:
* When creating new graphs, cross site injection is possible (boo#1203952)
* When creating user from template, multiple Domain FullName and Mail are not propagated
* Nectar Aggregate 95th emailed report broken
* Boost may not find archive tables correctly
* Users may be unable to change their password when forced during a login
* Net-SNMP Memory Graph Template has Wrong GPRINT
* Search in tree view unusable on larger installations
* Increased bulk insert size to avoid partial inserts and potential data loss.
* Call to undefined function boost_debug in Cacti log
* When no guest template is set, login cookies are not properly set
* Later RRDtool releases do not need to check last_update time
* Regex filters are not always long enough
* Domains based LDAP and AD Fullname and Email not auto-populated
* Cacti polling and boost report the wrong number of Data Sources when Devices are disabled
* When editing Graph Template Items there are cases where VDEF's are hidden when they should be shown
* Database SSL setting lacks default value
* Update default path cacti under *BSD by xmacan
* Web Basic authentication not creating template user
* Unable to change the Heartbeat of a Data Source Profile
* Tree Search Does Not Properly Search All Trees
* When structured paths are setup, RRDfiles may not always be created when possible
* When parsing the logs, caching would help speed up processing
* Deprecation warnings when attempting real-time Graphs with PHP8.1
* Custom Timespan is lost when clicking other tree branches
* Non device based Data Sources not being polled
* When Resource XML file is improperly formatted, graph creation can fail with errors
* Update code style to support PHP 8 requirements
* "None" shows all graphs
* Realtime popup window experiences issues on some browsers
* Auth settings do not always properly reflect the options selected by ddb4github
* MySQL can cause cacti to become stalled due to locking issues
* Boost process can get hung under rare conditions until the poller times out
* Exporting graphs under PHP 8 can cause errors
* Host table has wrong default for disabled and deleted columns
* RRD storage paths do not scale properly
* When importing, make it possible to only import certain components
* Update change_device script to include new features by bmfmancini
* Make help pages use latest online version wherever possible
* Cacti should show PHP INI locations during install
* Detect PHP INI values that are different in the INI vs running config
* Added Gradient Color support for AREA charts by thurban
* Update CDEF functions for RRDtool
* When boost is running, it's not clear which processes are running and how long they have to complete
* Sun May 29 2022 Andreas Stieger - cacti 1.2.21:
* Add a CLI script to install/enable/disable/uninstall plugins
* Add log message when purging DS stats and poller repopulate
* A collection of bug fixes
* Fri Apr 22 2022 Ferdinand Thiessen - Update to 1.2.20
* Security fix for CVE-2022-0730, boo#1196692 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
* Security fix: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues
* Security fix: Lockout policies are not properly applied to LDAP and Domain Users
* Security fix: When using 'remember me' option, incorrect realm may be selected
* Security fix: User and Group maintenance are vulnerable to SQL attacks
* Security fix: Color Templates are vulnerable to XSS attack
* Features:
* When creating a Data Source Profile, allow additional choices for Heartbeat
* Change select all options to use Font Awesome icons
* Improve spine performance by storing the total number of system snmp_ports in use
* Prevent Template User Accounts from being Removed
* When managing by users, allow filtering by Realm
* Allow plugins to supply template account names
* When viewing logs, additional message types should be filterable
* When creating a Graph Template Item, allow filtering by Data Template
* Allow language handler to be selected via UI
* Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
* Add Advanced Ping Graph Template to initial Installable templates
* Add LDAP Debug Mode option
* Allow Reports to include devices not on a Tree
* Allow Basic Authentication to display custom failure message
* Fix: When replicating data during installation/upgrade, system may appear to hang
* Fix: Graph Template Items may have duplicated entries
* Fix: Unable to Save Graph Settings
* Fix: Script Server may crash if an OID is missing or unavailable
* Fix: When system-wide polling is disabled, remote pollers may fail to sync changed settings
* Fix: When updating poller name, duplicate name protection may be over zealous
* Fix: Titles may show "Missing Datasource" incorrectly
* Fix: Checking for MIB Cache can cause crashes
* Fix: Polling cycles may not always complete as expected
* Fix: When viewing graph data, non-numeric values may appear
* Fix: Utilities view has calculation errors when there are no data sources
* Fix: When editing Reports, drag and drop may not function as intended
* Fix: When data drive is full, viewing a Graph can result in errors
* Various other bug fixes
* Sat Nov 06 2021 Andreas Stieger - cacti 1.2.19:
* Further fixes for grave character security protection (boo#1192408)
* Fix Over aggressive escaping causing menu visibility issues on Create Device page
* Add SHA256 and AES256 security levels for SNMP polling
* Import graph template(Preview Only) show color_id new value as a blank area
* Fix Editing graphs errors due to missing sequence
* Fix When hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
* Fix When RealTime is not active, console errors may appear
* Fix race conditions may occur when multiple RRDtool processes are running
* Fix errors creating graphs from templates
* Fix errors when duplicating reports
* Fix Boost may be blocked by overflowing poller_output table
* Fix Template import may be blocked due to unmet dependency warnings with snmp ports
* Fix Newer MySQL versions may error if committing a transaction when not in one
* Fix SNMP Agent may not find a cache item
* Fix Correct issues running under PHP 8.x
* Fix When polling is disabled, boost may crash and create many arch tables
* Fix When poller runs, memory tables may not always be present
* Fix Timezones may sometimes be incorrectly calculated
* Fix Allow monitoring IPv6 with interface graphs
* Fix When a data source uses a Data Input Method, those without a mapping should be flagged
* Fix When RRDfile is not yet created, errors may appear when displaying the graph
* Fix Cacti missing key indexes that result in Preset pages slowdowns
* Fix Data Sources page shows no name when Data Source has no name cache
* Fix db_update_table function can not alter table from signed to unsigned
* Fix data remains in poller_output table even if it's flushed to rrd files
* Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
* Fix Offset is a reserved word in MariaDB 10.6 affecting Report
* Fix Rendering large trees slowed due to lack of permission caching
* Fix Error on interpretation of snmpUtime, when too big
* Fix Applying right axis formatting creates an error-image
* Fix Unable to Save Graph Settings from the Graphs pages
* Fix Graph Template Cache is nullified too often when Graph Automation is running
* Fix When Adding a Data Query to a Device, no Progress Spinner is shown
* Fix New Browser Breaks Plugins that depend on non UTC date time data
* Fix errors when testing remote poller connectivity
* Fix errors when renaming poller
* Fix Removing spikes by Variance does not appear to be working beyond the first RRA
* Fix LDAP API lacks timeout options leading to bad login experiences
* Add a normal/wrap class for general use
* Limit File Types available for Template Import operations
* Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
* Support Stronger Encryption Available Starting in Net-SNMP v5.8
* Allow Cacti to use multiple possible LDAP servers
* Add a 15 minute polling/sampling interval
* Provide additional admin email notifications
* Add warnings for undesired changes to plugin hook return values
* When creating a Graph, make testing the Data Sources optional by Template
* Update phpseclib to 2.0.33
* Update jstree.js to 3.3.12
* Improve performance of Cacti poller on heavily loaded systems
* MariaDB recommendations need some tuning for recent updates
* Sat Jul 10 2021 Andreas Stieger - cacti 1.2.18:
* CVE-2020-14424: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (boo#1188188)
* Real time graphs can expose XSS issue
* Wed May 05 2021 Andreas Stieger - cacti 1.2.17:
* Fix incorrect handling of fields led to potential XSS issues
* CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)
* Fix various XSS issues with HTML Forms handling
* Fix handling of Daylight Saving Time changes
* Multiple fixes and extensions to plugins
* Fix multiple display, export, and input validation issues
* SNMPv3 Password field was not correctly limited
* Improved regular expression handling for search
* Improved support for RRDproxy
* Improved behavior on large systems
* MariaDB/MySQL: Support persistent connections and improve multiple operations and options
* Add Theme 'Midwinter'
* Modify automation to test for data before creating graphs
* Add hooks for plugins to show customize graph source and customize template url
* Allow CSRF security key to be refreshed at command line
* Allow remote pollers statistics to be cleared
* Allow user to be automatically logged out after admin defined period
* When replicating, ensure Cacti can detect and verify replica servers
* Fri Dec 18 2020 Andreas Stieger - fix httpd startup errors due to mismatched configuration directives boo#1175314
* Thu Dec 03 2020 Paolo Stivanin - cacti 1.2.16:
* When generating a report, the Cascade to Branches function does not work as expected
* When viewing graphs, automatic refresh does not always work as expected
* Realtime graph pop up counter bug
* Undefined variable errors may occur when creating a new datasource
* The cli-based installer does not exit with a non-zero exit code when error occurs
* When an export is complete, sometimes the progress bar remains
* When enabling many devices, a threshold can be reached causing a slowdown in the process
* When performing actions against Devices, replicated device information could sometimes be lost
* When using API to rename a tree node, backtrace may be incorrectly shown
* When searching, valid pages can sometimes be shown as empty by ddb4github
* When exporting data from graphs, not all data was properly included
* Graph Templates filter is not updated after new graph created by ddb4github
* Username and password on the login page is not visible in Classic theme
* Improve wording of concurrent process and thread settings
* Location filter should remove blank entries by ddb4github
* When syncing data collectors, a reindex event may be triggered unnecessarily
* Automation Networks allows discovery of invalid IP addresses
* When changing permissions of the current user, they don't take effect immediately
* When reindexing a device, an incorrect page was sometimes displayed
* When repairing database, audit_database.php does not add missing columns
* Log page should not be empty if no log info exists
* During upgrade, there are times when realms can be duplicated leading to SQL errors
* When using ping.php, UDP response times are not interpreted properly by hypnotoad
* Improve warning you get when attempting to view a log file you don't have access to
* When replicating files, scripts are not marked as executable
* When creating plugin tables, collation is not set properly
* Update c3.js to version 0.7.20
* Update Chart.js to version 2.9.4
* Update phpseclib to version 2.0.29
* Update PHPMailer to version 6.1.8
* Use LSB shebang notation for cli scripts
* Add support for cactid daemon based launcher
* Add ability to hide the Graph Drilldown icons by datatecuk
* Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
* Wed Nov 11 2020 Andreas Stieger - cacti 1.2.15, fixing the following bugs:
* When editing Maximum OIDs Per Get Request, blank value can cause errors
* Boost may run more often than it should
* Recache Event Loop can cause Interface Graphs to show gaps
* When searching Graph Tree's, non matching devices remain visible
* Page validation errors may occur when opening real time graphs
* External Links do not always open if they are still open from previous usage
* Cultural changes to various word usage
* Replicate deleted device status instead of poller sync
* Description field allows more characters entered than is stored
* When installing or upgrading, LDAP functions may not always be included properly
* Unable to remove discovered device
* When installing or upgrading, PHP recommendations may not always return a valid value
* Graph Templates has duplicate SQL delete statement
* When syncing to remote poller, missing function errors may occur
* When removing devices from remote pollers, devices may reappear without details
* When removing devices, array errors may sometimes be recorded
* Variable injection does not always work as expected
* Editing Data Queries with multiple data templates can give errors about Suggested values
* Progress bar does not provide enough visual information during long page loads
* Some themes do not allow for a way to see which user is currently signed in
* When viewing tables, allow users to force all columns to be visible
* Column sizing is being lost between pages refreshes
* When viewing input methods table, no ID is shown to help identify which method is being viewed
* Filters do not always respect using keyboard to initiate searching
* When exporting a data query, an invalid column name error can sometimes be shown
* When checking if a view is allowed, having no session can result in errors
* When removing devices via the CLI, undefined variable errors may be seen
* Real Time Graphs may cause invalid index errors
* On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
* Plugin setup can generate errors when reading options via system function
* Plugin version numbers can be unexpectedly truncated
* When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
* When removing multiple items, selection process does not always work
* When exporting colors, the indicator is not always removed upon completion
* Unable to pass tree and leaf ID to 'graph_button' hook
* When performing maintenance, various errors may sometimes be seen
* When Guest User setting is active, current user is not always properly set
* When installing Cacti, minor errors in text can be seen
* Numbers are not always formatted properly when there are no decimal places
* When viewing Real Time Graphs, an undefined index error may be recorded
* Minor memory leaks and refresh issues when zooming on graphs
* Real Time Graphs may sometimes fail due to folder permissions
* Navigation can sometimes occur unexpectedly due to background timers
* Trees management screen not reporting correct number of trees
* Tree sequences can sometimes skip numbers during resorting
* Guest user selection should not allow setting the currently logged in user
* Links in Table Headers do not show clearly when in modern theme
* Under some cases tree logic leads to undefined index errors
* Cacti Data Debug can show errors if the Data Source is damaged or has been removed
* When importing a data query, an invalid column name error can sometimes be shown
* When using shift functions on graphs, negative values are not allowed
* Correct issue when file is unreadable reporting no file was specified
* Orphaned Plugins have no option to be removed
* Update MySQL recommendations for Character Set and Collation
* Correct sorting of IP addresses to be numeric not alpha by JamesTilt
* Saving a device should not always repopulate the poller cache
* Mon Aug 03 2020 Andreas Stieger - cacti 1.2.14:
* Poller keeps using old IP address for a device
* poller bug fixes and various display fixes
* Fix XSS vulnerability due to improper escaping of error message during template import preview (boo#1174850, CVE-2020-25706)
* Tue Jul 14 2020 Andreas Stieger - cacti 1.2.13:
* jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
* Lack of escaping on some pages can lead to XSS exposure
* Update PHPMailer to 6.1.6 (CVE-2020-13625)
* SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295, boo#1173090)
* Lack of escaping on template import can lead to XSS exposure
* Mon May 11 2020 Lars Vogdt - switch from cron to systemd timers (boo#1115436):
  + cacti-cron.timer
  + cacti-cron.service
* introduce rpmlintrc for obvious false positives from rpmlint
  + cacti-rpmlintrc
* use fdupes to reduce amount of needed/wasted space
* re-introduce RPM Group to avoid huge rpmlint complaints on 15.1
* remove .gitignore and .gitattributes files (not needed)
* avoid potential root escalation on systems with fs.protected_hardlinks=0 (boo#1154087): handle directory permissions in file section instead of using chown during post installation
* rewrote apache configuration to get rid of .htaccess files and explicitly disable directory permissions per default (only allow a limited, well-known set of directories)
* Thu May 07 2020 Andreas Stieger - cacti 1.2.12:
* CVE-2020-7106: Lack of escaping of color items can lead to XSS exposure (boo#1163749)
* Fix multiple graphing bugs and web UI issues
* Fix multiple warnings, PHP Exceptions and errors
* Content-Security-Policy prevents External Links from being opened
* Prevent runtime memory issues by increasing memory limit
* Improve SNMPv3 handling
* Sat Apr 11 2020 Andreas Stieger - cacti 1.2.11:
* security fixes and hardening (boo#1169215)
  + Add SameSite support for cookies
  + Cookie should be properly verified against password
  + CSRF at Admin Email
  + Improper Access Control on disabling a user
  + Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
* a number of bug fixes
* feature additions
  + Allow system uptime to be a variable for use with graphs
  + Add Refresh Interval to Data Collectors display
  + Add Location based filtering
  + Allow for Purging of Data Source Statistics from the GUI
  + Restore ability to duplicate a data profile
  + Enhance table navigation bars to support systems with larger number of items
  + Increase length of Graph Item 'value' field to support pango-markup better
  + Allow Basic Auth Accounts to be mapped by CSV file
  + Make form elements under checkbox_groups flow using flex grid style
  + Set the domain attribute to secure cookies for the 'remember me' option
  + Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
* Sun Mar 15 2020 Paolo Stivanin - cacti 1.2.10:
* CVE-2020-8813: when guest users have access to realtime graphs, remote code could be executed (boo#1164675)
* When using User Domains, global template user is used instead of the configured domain template user
* Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
* many bug fixes
* Sat Feb 15 2020 Andreas Stieger - cacti 1.2.9:
* CVE-2020-7106: Lack of escaping on some pages could lead to XSS exposure (boo#1161297)
* CVE-2020-7237: Remote Code Execution due to input validation failure in Performance Boost Debug Log (boo#1161297)
* many bug fixes
* Sun Feb 02 2020 Andreas Stieger - cacti 1.2.8:
* CVE-2019-17357: When viewing graphs, some input variables were not properly checked (SQL injection possible) [boo#1158990]
* CVE-2019-17358: Unsafe deserialisation of data [boo#1158992]
* When using HTTPS, secure cookie to prevent potential weakness
* various bug fixes
 