What's new in Cacti 1.1.37
Mar 26, 2018
- issue#274: Allow Realtime Graph Popup Mode
- issue#1405: When Data Query columns are wide, they cause rendering issues
- issue#1414: DSSTATS reports incorrectly that a data source does not exist
- issue#1419: Filtering log results in errors in the log
- issue#1420: PHP NOTICE editing cdef and vdef items
- issue#1421: CLI upgrade_database.php PHP Warning on execution
- issue#1426: Remote poller erroring attempting to verify files
- issue#1432: Delete confirmation does not disappear
- issue#1443: Partial Save warnings under Settings -> Mail/Reporting/DNS
- issue#1447: CLI audit_database.php not detecting database name, and failed to create audit tables when run fresh
- issue#1453: CLI add_graph.php not allowing title to be set
- issue#1456: Increase minimum php version maintaining support for RHEL6
- issue#1457: Path-Based Cross-Site Scripting (XSS) issues
- issue#1458: Error in logs when creating new graphs
- issue#1459: Automation filter not applied correctly
- issue#1461: Setting output_format on input type causes no values to be returned
- issue#1464: Poller stuck in infinitely loop causing excess logging
- issue#1466: No scrollbars in mobile browsers
- issue#1468: Increase max length of host.snmp_sysObjectID column
- issue#1471: Undefined function found in global_languages.php
- issue#1472: Change Device Options - Style needs updating
- issue#1474: Check possibility for creation of temporary tables on install
- issue#1487: Undefined constant in ldap.php
- issue#1489: Add ability to use parts of OID as value via regex
- issue#1483: Create New Graphs - Paw Styling Issue
- issue#1493: Can't create tree branches with '#' sign
- feature: Updated Chinese Simplified translations
- feature: Updated Dutch translations
- feature: JavaScript library Chart.js updated 2.7.2
- feature: Allow snmp formatting functions to detect UTF-8 output
New in Cacti 1.1.33 (Jan 23, 2018)
- issue#1253: Automatically generated RRDtool DEF names in Cacti 1.1.32 break existing Graph Templates
New in Cacti 1.1.16 (Sep 4, 2017)
- issue#865: Escape Data Query arguments to prevent issues with special characters
- issue#872: Can't add device items to graphs generated with no device and no template
- issue#875: When modifying Realm permissions, realms that are listed multiple times don't stay in sync
- issue#877: Improving resolution to issue#847 and one additional vulnerability
- issue#878: Ambiguous language in purge log function
- issue#879: SQL Error when adding a report item to a report
- issue#880: Device drop down is limited to 20 devices and lacks a scroll bar
- issue#885: Graph generated with no device and no graph template forgets device definitions
- issue#886: Unable to export templates other than Device templates
- issue: Address additional corner cases around get_order_string usage
- issue: Data Queries sharing a Data Source can result in poller output table not empty errors
- issue: Fix Sunrise theme to properly theme multiselect widgets
- issue: Increase height of multiselects so that more options are visible
- issue: When a graph is locked, anchor tags are still functional
New in Cacti 1.1.7 (May 22, 2017)
- issue#470: Enhance Cacti's SNMP function and Data Query XML, add hex|string|guess
- issue#653: Devices with empty sysNames are not added to discovered devices
- issue#655: Data source not displaying device name
- issue#658: Scheduled Reports (type "tree") not working
- issue#662: Sending test Email should optionally bypass ping
- issue#667: In Classic theme initial view of Tree view broken
- issue#669: Invalid SQL Messages when upgrading to Cacti 1.0.5
- issue#670: Validation error when you do "Change Graph Template" in Cacti
- issue#672: Cacti unable to enable snmp notification receiver mibs
- issue#680: Sort order in Time Graph View
- issue#687: Cacti DB access not compatible with PHP 7
- issue#696: Multiple issues with snmpagent notification UI
- issue#699: Add custom error handler for ping functions
- issue#704: Fix GUI issues for Graphs not belonging to a device
- issue#707: Back button not working
- issue#708: Issues finding lib/snmp.php in host disk functions
- issue#712: Change Graph Template dropdown invalid
- issue#717: Allow ajax callbacks when adding non-templated graph items
- issue: Reports were not using Cacti's permission system for checking access
- issue: User Admin page reported wrong permissions at Tree level missing some i18n as well
- issue: Short data_name can cause data collection issues
- feature: Updated Dutch language
- feature: Updating PHPMailer to 5.2.23
- feature: Support input-output Data Query types
- feature: Introduce new get_cacti_version() to reduce database calls on pages
New in Cacti 1.1.5 (Apr 27, 2017)
- Data collection warnings when using cmd.php
- Incorrectly formatted HTML
- Replace in data input methods
- Allow draw_menu to specify multiple actions for the same URL
- Spaces adjacent to double quotes are eliminated during data input method import
- Honor the column setting in graph tree view mode
- Change Graph Template action not available
- Cacti Installation Wizard - Spine page incorrect on Windows
- Uncaught Error: Call to a member function row() on a string
- Network Automation, now requires a site or your are unable to save rules
- Data Input field length too short for longer scripts
- Export logging option in settings no longer used
New in Cacti 0.8.8f (Jul 20, 2015)
- bug:0002599: 0.8.8e Poller Script Parser is Broken
- bug:0002600: cli/upgrade_database.php is missing releases
- bug:0002603: Graph managment graphs.php save button does not work
- bug:0002599: Poller Script Parser is Broken
New in Cacti 0.8.8e (Jul 13, 2015)
- bug: Fixed issue with graph zooming failing to work
- bug: Fixed various SQL Injection vectors
- bug#0002569: Impossible to have a URL pointing directly to a graph
- bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
- bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
- bug#0002579: SQL Injection Vulnerabilities in data sources
- bug#0002580: SQL Injection in cdef.php
- bug#0002582: SQL Injection in data_templates.php
- bug#0002583: SQL Injection in graph_templates.php
- bug#0002584: SQL Injection in host_templates.php
- bug#0002586: Cannot delete data sources from the GUI
- bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
- bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
- bug#0002597: Incorrect value in Hosts column on Host Templates page
- bug#0002598: Incorrect row number in Devices -> (Edit) page
New in Cacti 0.8.8d (Jun 10, 2015)
- feature: Remove un-needed fonts and javascript files
- bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
- bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
- bug#0002391: Odd Behaviour on ReIndex of Data Query Data
- bug#0002393: Broken thumbnail images for graph templates
- bug#0002402: Subtree must not have the same header as the parent header
- bug#0002474: CLI add_device.php dows not set availability_method correctly
- bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
- bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
- bug#0002439: Password with special character don't work with LDAP authentication
- bug#0002461: invalid bn with ldap and anonymous bind
- bug#0002465: Graph Export return empty CSV file
- bug#0002484: Incorrect SQL request in cli script repair_database.php
- bug#0002485: Broken pagenation on graph viewing
- bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
- bug#0002490: Can not select page for multiple datasources per device
- bug#0002494: CSV export always shows last day
- bug#0002504: Data template search not functional
- bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
- bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
- bug#0002544: Duplicate entry in $nav_url during list view
- bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
- bug#0002572: SQL injection in graph templates
New in Cacti 0.8.8c (Nov 24, 2014)
- Important Security Fixes:
- CVE-2013-5588 - XSS issue via installer or device editing
- CVE-2013-5589 - SQL injection vulnerability in device editing
- CVE-2014-2326 - XSS issue via CDEF editing
- CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
- CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
- CVE-2014-4002 - XSS issues in multiple files
- CVE-2014-5025 - XSS issue via data source editing
- CVE-2014-5026 - XSS issues in multiple files
- Important Updates:
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
New in Cacti 0.8.8b (Nov 21, 2013)
- Fixed issue with custom data source information being lost when saved from edit
- Repopulate the poller cache on new installations
- Fix issue with poller not escaping the script query path correctly
- Allow snmpv3 priv proto none
- Fix issue where host activate may flush the entire poller item cache
- SQL injection and shell escaping issues
New in Cacti 0.8.8a (May 1, 2012)
- Plugin Architecture is now part of Cacti.
New in Cacti 0.8.7g (Jul 10, 2010)
- Includes many important security and bug fixes.
New in Cacti 0.8.6k (Feb 21, 2009)
- This version fixes a handful of bugs.
New in Cacti 0.8.7c (Jan 27, 2009)
- This release features 89 bugfixes and 46 new features.
- Highlights include graph tree pagination and searching, RRDtool 1.3 support, improved LDAP support, and improved data source balancing logic in the poller.