Cacti Changelog

What's new in Cacti 1.1.37

Mar 26, 2018
  • issue#274: Allow Realtime Graph Popup Mode
  • issue#1405: When Data Query columns are wide, they cause rendering issues
  • issue#1414: DSSTATS reports incorrectly that a data source does not exist
  • issue#1419: Filtering log results in errors in the log
  • issue#1420: PHP NOTICE editing cdef and vdef items
  • issue#1421: CLI upgrade_database.php PHP Warning on execution
  • issue#1426: Remote poller erroring attempting to verify files
  • issue#1432: Delete confirmation does not disappear
  • issue#1443: Partial Save warnings under Settings -> Mail/Reporting/DNS
  • issue#1447: CLI audit_database.php not detecting database name, and failed to create audit tables when run fresh
  • issue#1453: CLI add_graph.php not allowing title to be set
  • issue#1456: Increase minimum php version maintaining support for RHEL6
  • issue#1457: Path-Based Cross-Site Scripting (XSS) issues
  • issue#1458: Error in logs when creating new graphs
  • issue#1459: Automation filter not applied correctly
  • issue#1461: Setting output_format on input type causes no values to be returned
  • issue#1464: Poller stuck in infinitely loop causing excess logging
  • issue#1466: No scrollbars in mobile browsers
  • issue#1468: Increase max length of host.snmp_sysObjectID column
  • issue#1471: Undefined function found in global_languages.php
  • issue#1472: Change Device Options - Style needs updating
  • issue#1474: Check possibility for creation of temporary tables on install
  • issue#1487: Undefined constant in ldap.php
  • issue#1489: Add ability to use parts of OID as value via regex
  • issue#1483: Create New Graphs - Paw Styling Issue
  • issue#1493: Can't create tree branches with '#' sign
  • feature: Updated Chinese Simplified translations
  • feature: Updated Dutch translations
  • feature: JavaScript library Chart.js updated 2.7.2
  • feature: Allow snmp formatting functions to detect UTF-8 output

New in Cacti 1.1.33 (Jan 23, 2018)

  • issue#1253: Automatically generated RRDtool DEF names in Cacti 1.1.32 break existing Graph Templates

New in Cacti 1.1.16 (Sep 4, 2017)

  • issue#865: Escape Data Query arguments to prevent issues with special characters
  • issue#872: Can't add device items to graphs generated with no device and no template
  • issue#875: When modifying Realm permissions, realms that are listed multiple times don't stay in sync
  • issue#877: Improving resolution to issue#847 and one additional vulnerability
  • issue#878: Ambiguous language in purge log function
  • issue#879: SQL Error when adding a report item to a report
  • issue#880: Device drop down is limited to 20 devices and lacks a scroll bar
  • issue#885: Graph generated with no device and no graph template forgets device definitions
  • issue#886: Unable to export templates other than Device templates
  • issue: Address additional corner cases around get_order_string usage
  • issue: Data Queries sharing a Data Source can result in poller output table not empty errors
  • issue: Fix Sunrise theme to properly theme multiselect widgets
  • issue: Increase height of multiselects so that more options are visible
  • issue: When a graph is locked, anchor tags are still functional

New in Cacti 1.1.7 (May 22, 2017)

  • issue#470: Enhance Cacti's SNMP function and Data Query XML, add hex|string|guess
  • issue#653: Devices with empty sysNames are not added to discovered devices
  • issue#655: Data source not displaying device name
  • issue#658: Scheduled Reports (type "tree") not working
  • issue#662: Sending test Email should optionally bypass ping
  • issue#667: In Classic theme initial view of Tree view broken
  • issue#669: Invalid SQL Messages when upgrading to Cacti 1.0.5
  • issue#670: Validation error when you do "Change Graph Template" in Cacti
  • issue#672: Cacti unable to enable snmp notification receiver mibs
  • issue#680: Sort order in Time Graph View
  • issue#687: Cacti DB access not compatible with PHP 7
  • issue#696: Multiple issues with snmpagent notification UI
  • issue#699: Add custom error handler for ping functions
  • issue#704: Fix GUI issues for Graphs not belonging to a device
  • issue#707: Back button not working
  • issue#708: Issues finding lib/snmp.php in host disk functions
  • issue#712: Change Graph Template dropdown invalid
  • issue#717: Allow ajax callbacks when adding non-templated graph items
  • issue: Reports were not using Cacti's permission system for checking access
  • issue: User Admin page reported wrong permissions at Tree level missing some i18n as well
  • issue: Short data_name can cause data collection issues
  • feature: Updated Dutch language
  • feature: Updating PHPMailer to 5.2.23
  • feature: Support input-output Data Query types
  • feature: Introduce new get_cacti_version() to reduce database calls on pages

New in Cacti 1.1.5 (Apr 27, 2017)

  • Data collection warnings when using cmd.php
  • Incorrectly formatted HTML
  • Replace in data input methods
  • Allow draw_menu to specify multiple actions for the same URL
  • Spaces adjacent to double quotes are eliminated during data input method import
  • Honor the column setting in graph tree view mode
  • Change Graph Template action not available
  • Cacti Installation Wizard - Spine page incorrect on Windows
  • Uncaught Error: Call to a member function row() on a string
  • Network Automation, now requires a site or your are unable to save rules
  • Data Input field length too short for longer scripts
  • Export logging option in settings no longer used

New in Cacti 0.8.8f (Jul 20, 2015)

  • bug:0002599: 0.8.8e Poller Script Parser is Broken
  • bug:0002600: cli/upgrade_database.php is missing releases
  • bug:0002603: Graph managment graphs.php save button does not work
  • bug:0002599: Poller Script Parser is Broken

New in Cacti 0.8.8e (Jul 13, 2015)

  • bug: Fixed issue with graph zooming failing to work
  • bug: Fixed various SQL Injection vectors
  • bug#0002569: Impossible to have a URL pointing directly to a graph
  • bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
  • bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
  • bug#0002579: SQL Injection Vulnerabilities in data sources
  • bug#0002580: SQL Injection in cdef.php
  • bug#0002582: SQL Injection in data_templates.php
  • bug#0002583: SQL Injection in graph_templates.php
  • bug#0002584: SQL Injection in host_templates.php
  • bug#0002586: Cannot delete data sources from the GUI
  • bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
  • bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
  • bug#0002597: Incorrect value in Hosts column on Host Templates page
  • bug#0002598: Incorrect row number in Devices -> (Edit) page

New in Cacti 0.8.8d (Jun 10, 2015)

  • feature: Remove un-needed fonts and javascript files
  • bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
  • bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
  • bug#0002391: Odd Behaviour on ReIndex of Data Query Data
  • bug#0002393: Broken thumbnail images for graph templates
  • bug#0002402: Subtree must not have the same header as the parent header
  • bug#0002474: CLI add_device.php dows not set availability_method correctly
  • bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
  • bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
  • bug#0002439: Password with special character don't work with LDAP authentication
  • bug#0002461: invalid bn with ldap and anonymous bind
  • bug#0002465: Graph Export return empty CSV file
  • bug#0002484: Incorrect SQL request in cli script repair_database.php
  • bug#0002485: Broken pagenation on graph viewing
  • bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
  • bug#0002490: Can not select page for multiple datasources per device
  • bug#0002494: CSV export always shows last day
  • bug#0002504: Data template search not functional
  • bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
  • bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
  • bug#0002544: Duplicate entry in $nav_url during list view
  • bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
  • bug#0002572: SQL injection in graph templates

New in Cacti 0.8.8c (Nov 24, 2014)

  • Important Security Fixes:
  • CVE-2013-5588 - XSS issue via installer or device editing
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • CVE-2014-2326 - XSS issue via CDEF editing
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 - XSS issues in multiple files
  • CVE-2014-5025 - XSS issue via data source editing
  • CVE-2014-5026 - XSS issues in multiple files
  • Important Updates:
  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

New in Cacti 0.8.8b (Nov 21, 2013)

  • Fixed issue with custom data source information being lost when saved from edit
  • Repopulate the poller cache on new installations
  • Fix issue with poller not escaping the script query path correctly
  • Allow snmpv3 priv proto none
  • Fix issue where host activate may flush the entire poller item cache
  • SQL injection and shell escaping issues

New in Cacti 0.8.8a (May 1, 2012)

  • Plugin Architecture is now part of Cacti.

New in Cacti 0.8.7g (Jul 10, 2010)

  • Includes many important security and bug fixes.

New in Cacti 0.8.6k (Feb 21, 2009)

  • This version fixes a handful of bugs.

New in Cacti 0.8.7c (Jan 27, 2009)

  • This release features 89 bugfixes and 46 new features.
  • Highlights include graph tree pagination and searching, RRDtool 1.3 support, improved LDAP support, and improved data source balancing logic in the poller.