v1.2.18

Release of Cacti 1.2.18

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• security #4261: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (CVE-2020-14424)
• security #4276: Real time graphs can expose XSS issue
• security #4282: Session IDs are not always recreated when logging out under PHP 5
• issue #4250: Unable to create graphs due to Data Source verification failure
• issue #4254: When poller first runs, time since last run produces an error
• issue #4259: Data Template caching does not update and causes errors
• issue #4263: Graphs with multiple data sources can no longer display percenticles
• issue #4266: Incomplete items from a previous polling session may be updated twice
• issue #4267: Unnecessary warnings appear when host name is not resolved
• issue #4269: Installation Wizard can become stuck when creating graphs for default device
• issue #4271: Continued timeout of registered processes
• issue #4272: Unexpected errors may appear when using hostnames without a DNS domain
• issue #4273: When adding a device from command line, testing of data sources can cause errors to be recorded
• issue #4274: When you start to zoom a graph, the auto graph refresh should be disabled
• issue #4279: Default Setting "Device Threads" will not be saved correctly
• issue #4284: Database upgrade can fail - Uncaught argument count error
• issue #4293: Tree search does not take hosts belonging to a site into account
• issue #4284: Whilst upgrading, errors in upgrade scripts prevent properly execution
• issue #4294: Tables outside of pre-built list that need fixing, cause bad unknown column errors
• issue #4295: If a page contains multiple tables, a larger table can cause small ones to lose columns
• issue #4297: Unable to search using regular expressions when trying to filter graphs
• issue #4312: When using CMD.PHP as the poller, warnings can appear if you only use a subset of data input types
• issue #4314: When disabling the snmpagent, you can introduce significant delay to data collection
• issue #4315: Reduce repeatative warnings when resources are exhausted
• issue #4316: Remove Spikes CLI interface is unable to provide localized spike, gap fill or float operations
• issue #4321: Earlier versions of RRDTool do not correctly ignore previous updates
• issue #4324: Date/Time format of replacement field on graph cannot be changed
• issue #4325: When editing graph items, make identifying rows easier
• issue #4326: When using large lists, ensure selection is visible in dropdown menus
• issue #4330: Automation attempts to call undefined debug function
• issue #4333: Under FreeBSD, allow ping to work properly for IPv6
• feature #4258: Update phpseclib to 2.0.31 by DavidLiedke
• feature #4283: Content Security Policy may block Plugin functionality
• feature #4317: Allow the Cacti administrator to perform bulk gap filling and floating in parallel
• feature #4322: Update pace.js to version 1.2.4

Reporting Issues

https://www.cacti.net/development/issues

Download Cacti or Spine

https://www.cacti.net/info/downloads

Thanks!
The Cacti Group

v1.2.17

Release of Cacti 1.2.17

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• security #4019: Incorrect handling of fields led to potential XSS issues
• security #4022: SQL Injection was possible due to incorrect validation order (CVE-2020-35701)
• security #4035: Various XSS issues with HTML Forms handling
• issue: CLI scripts should not have a max allowed runtime
• issue: Normalize plugin hooks between user_admin.php and user_group_admin.php
• issue #1052: TimeZones are not handled correctly with Daylight Savings changes
• issue #3392: Allow plugins to customize device listing page
• issue #3879: Allow Graph/Data Source with custom fields to prompt during manual creation
• issue #3908: When poller overruns the script server can throw errors upon shutdown
• issue #3936: Editing a graph created from Aggregate Graph can fail
• issue #3945: CSV export can show NaN for date if TimeZone does not match system
• issue #3969: SNMPv3 Password field does not correctly limit to size of database field
• issue #3976: Font colors are being overridden leading to display issues by ddb4github
• issue #3977: Database upgrade may fail when using upgrade_database.php
• issue #3978: Input Validation was not handled correctly when displaying graph trees
• issue #3981: Missing API include leads to runtime errors in Automation
• issue #3985: Collation was not always handled correctly in the database library
• issue #3988: Automation raises errors when default snmp options is set to none
• issue #3990: PHP Information was not being displayed properly under Tech Support
• issue #3999: Ensure database audit code attempts to use passwordless options before sending credentials
• issue #4001: Ensure Cacti can support PHP 8
• issue #4002: Pollers may sometimes not recover properly once they go offline
• issue #4005: When viewing Realtime Graphs, validation errors may be seen for Size parameter
• issue #4008: Massive decrease in poller performance due to unset variable
• issue #4009: Ensure number format functions are consistent for i18n usage
• issue #4021: Increase maximum number of device threads
• issue #4031: Secondary filters on Data Collectors and Data Profiles do not work as expected
• issue #4033: Action Icons changed to be consistent with admin UI
• issue #4036: During discovery, Automation can throw unexpected errors due to null values
• issue #4038: When creating new graphs, a second click is required even if not needed
• issue #4042: RRD Updates can become disabled when saving performance options
• issue #4043: Boost can become unresponsive when large number of archive tables exist
• issue #4049: Enable sensitive graph information to be hidden from standard users by datatecuk
• issue #4050: When showing table conversion script, the example path can be displayed incorrectly
• issue #4056: Rename "Show Exceptions" checkbox to "Only Show Exceptions" which more actually reflects its function
• issue #4060: When attempting to get client address, incorrect information may be returned by stevenseeley
• issue #4061: When getting date format, default options are not always honored by xmacan
• issue #4066: Enable Boost to utilize multiple processes
• issue #4067: Disable BOOST image caching when using Graph Zoom features
• issue #4068: When viewing graphs, individual graph sizes can be ignored in favour of global default
• issue #4070: Summary data can fail to calculate when the RRDfile lacks the Data Source
• issue #4073: Zoom functionality can fail when a graph has lost focus.
• issue #4074: Realtime Images are not always adhering to defined format
• issue #4075: LDAP Settings lead to confusion when setting up LDAP authentication
• issue #4076: MariaDB tuning link points to a dead URL within System Utilities
• issue #4077: If user has no permissions assigned and tries to login, a redirect loop occours
• issue #4079: When checking current timestamps, make audit replace mysql function usage with preferred CURRENT_TIMESTAMP variable
• issue #4080: Cacti regular expression searching does not quote expressions
• issue #4082: RRDtool version detection not working for RRDproxy setup
• issue #4083: RRDCleaner does not support RRDproxy
• issue #4086: Large system performance negatively impacted due to $spikekill_templates behavior
• issue #4092: On large systems, Primary ID usage on heavily used tables will overflow due to default MySQL variable size
• issue #4095: When viewing Plugins page, icons can sometimes be misaligned
• issue #4098: Graphs and Data Sources lists can become unresponsive on very large systems
• issue #4100: When viewing User Admins, a division by zero error can sometimes be seen
• issue #4105: Allow admins to define bulk walk repetition sizes
• issue #4109: Realtime graphing can sometimes cause gaps in historic data
• issue #4110: Graph Variables are not always parsed correctly leading to errors in log files
• issue #4116: Upgrading large trees from 0.8.x to 1.x is slow
• issue #4117: Script server throws errors if a command line argument includes a backslash
• issue #4119: Implicit flushing is not always enabled, depending on OS, resulting in Script Server result issues
• issue #4121: LDAP search filter cannot be configured if too many OUs or filters are nested
• issue #4122: Automation causes SQL syntax errors when invalid operations are present
• issue #4125: On completing the installation wizard, an internal server error can sometimes be observed
• issue #4126: Deleting a damaged graph can sometimes led to removal of valid graphs too
• issue #4127: When updating Trees, graph titles are calculated too often leading to unresponsiveness
• issue #4130: On large systens, Graph creation can become unresponsive due to large number of data sources
• issue #4131: A design flaw makes importing new Graph Template slow on large systems
• issue #4134: MIB Caching does not always work as expected by Kveri
• issue #4135: On large Cacti installs, editing Data Templates is slow
• issue #4136: When repairing database at command line, no option exists to skip table checks and force Data Source repair
• issue #4141: Unusually long comments do not wrap when viewing graphs, and haven't in this CHANGELOG entry either
• issue #4143: Prevent some false positive scenarios when detection orphan graphs
• issue #4147: Poller items are evaluated too quickly when mixed polling cycles are used
• issue #4148: Ensure automatic refresh of cacti log view works consistently
• issue #4149: Ensure utilities show correct information when in offline mode
• issue #4161: Data source template names should be shown in the respective "suggested values" sections
• issue #4162: Allow Persistent Connections to MariaDB/MySQL to be configured
• issue #4164: Unable to easily track Cacti login sessions when using database sessions
• issue #4166: Auto-select text when focusing auto complete elements
• issue #4169: Ensure Log Viewer 'Go' and 'Clear' buttons behave as expected
• issue #4170: Enable full name tooltips for Alias/Description columns
• issue #4173: Ensure Console menu icons are properly aligned
• issue #4174: When using replication, ensure binary logging can be disabled
• issue #4175: When syncing Templates, prevent false 'Damaged Graph' notifications from appearing
• issue #4177: Simplify Graph/Template authorization searches when not using restricted mode
• issue #4179: Correct class usage on Graph Sidebar Icons to be consistent
• issue #4180: Remove logoff option when using basic authentication
• issue #4181: Ensure realm names are more consistent
• issue #4182: Allow Automatic Graph Creation to utilise Data Templates with Overriden Values
• issue #4183: Processes can be terminated early due to incorrect timeout calculation
• issue #4184: Ensure error logging is consistent when using CMD processor instead of spine
• issue #4185: Updating Signal Handling to recommended standards for PHP 7.1+
• issue #4186: When editing a Fixed String on Tree Rule it is improperly displayed as "Unknown"
• issue #4187: Provide more direct method fo navigating to Data Source from Graph
• issue #4188: Replacement variable names are difficult to find for Aggregate Graphs and Templates
• issue #4189: Allow links from a page to its specific documentation
• issue #4190: Augmenting roles can incorrectly link to roles instead of realms in rare cases
• issue #4192: Devices search can return a black screen if device name contains the hash/pound # character
• issue #4193: Allow command line reindex to work with disabled devices
• issue #4195: When search text includes # character, filtering does not always work as expected
• issue #4197: When attempting to do a rollback on versions, the installer will not restart
• issue #4199: Allow Cacti administrator to define a min refresh interval to prevent graph gaps
• issue #4205: When removing Data-query Associated Graph Templates, it deletes the graphs Templates from bottom to top
• issue #4206: When a report was delayed, the report's time is incorrectly changed
• issue #4215: Poller recovery starts multiple processes and fails to recover properly
• issue #4223: Parallel boost restart due to timeout can result in errors.
• issue #4227: When remote poller is in offline mode, data is written to more tables than necessary
• issue #4228: Under specific circumstances, redirection issues can occur after login
• issue #4229: When no snmp option is set, automation can incorrectly report a number of issues
• issue #4232: Database TLS configuration...

v1.2.16

Release of Cacti 1.2.16

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

One more thing

In other news, TheWitness, one of our longest members, wrote a few words so feel free to read and comment if you have a few moments of your time:

https://forums.cacti.net/viewtopic.php?f=4&t=61413

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• issue #3704: When generating a report, the Cascade to Branches function does not as expected
• issue #3859: When viewing graphs, automatic refresh so not always work as expected
• issue #3898: Realtime graph pop up counter bug
• issue #3903: Undefined variable errors may occur when creating a new datasource
• issue #3907: The cli-based installer does not exit with a non-zero exit code when error occurs
• issue #3912: When an export is complete, sometimes the progress bar remains
• issue #3915: When enabling many devices, a threshold can be reached causing a slowdown in the process
• issue #3916: When performing actions against Devices, replicated device information could sometimes be lost
• issue #3917: When using API to rename a tree node, backtrace may be incorrectly shown
• issue #3919: When searching, valid pages can sometimes be shown as empty by ddb4github
• issue #3920: When exporting data from graphs, not all data was properly included
• issue #3924: Graph Templates filter is not updated after new graph created by ddb4github
• issue #3926: Username and password on the login page is not visible in Classic theme
• issue #3929: Improve wording of concurrent process and thread settings
• issue #3930: Location filter should remove blank entries by ddb4github
• issue #3931: When syncing data collectors, a reindex event may be triggered unnecessarily
• issue #3932: Automation Networks allows discovery of invalid IP addresses
• issue #3933: When changing permissions of the current user, they don't take effect immediately
• issue #3935: When reindexing a device, an incorrect page was sometimes displayed
• issue #3942: When repairing database, audit_database.php does not add missing columns
• issue #3948: Spine 1.2.15 - Spine Encountered An Unhandled Exception Signal Number: '6' [11, Resource temporarily unavailable] (Spine thread)
• issue #3949: Log page should not be empty if no log info exists
• issue #3953: During upgrade, there are times when realms can be duplicated leading to SQL errors
• issue #3957: When using ping.php, UDP response times are not interpreted properly by hypnotoad
• issue #3960: Improve warning you get when attempting to view a log file you don't have access to
• issue #3962: When replicating files, scripts are not marked as executable
• issue #3963: When creating plugin tables, collation is not set properly
• feature: Update c3.js to version 0.7.20
• feature: Update Chart.js to version 2.9.4
• feature: Update phpseclib to version 2.0.29
• feature: Update PHPMailer to version 6.1.8
• feature: Use LSB shebang notation for cli scripts
• feature: Add support for cactid daemon based launcher
• feature #3923: Add ability to hide the Graph Drilldown icons by datatecuk
• feature #3943: Add hooks for plugins to show custom Graph Source and custom Template URL (List View)

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

v1.2.15

Release of Cacti 1.2.15

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• issue #3643: When editing Maximum OIDs Per Get Request, blank value can cause errors
• issue #3656: Boost may run more often than it should
• issue #3693: Recache Event Loop can cause Interface Graphs to show gaps
• issue #3703: When searching Graph Tree's, non matching devices remain visible
• issue #3711: Page validation errors may occur when opening real time graphs
• issue #3722: External Links do not always open if they are still open from previous usage
• issue #3730: Cultural changes to various word usage
• issue #3741: Replicate deleted device status instead of poller sync
• issue #3743: Description field allows more characters entered than is stored
• issue #3747: When installing or upgrading, LDAP functions may not always be included properly
• issue #3748: Unable to remove discovered device
• issue #3753: When installing or upgrading, PHP recommendations may not always return a valid value
• issue #3755: Graph Templates has duplicate SQL delete statement
• issue #3759: When syncing to remote poller, missing function errors may occur
• issue #3760: When removing devices from remote pollers, devices may reappear without details
• issue #3761: When removing devices, array errors may sometimes be recorded
• issue #3763: Variable injection does not always work as expected
• issue #3764: Editing Data Queries with multiple data templates can give errors about Suggested values
• issue #3767: Progress bar does not provide enough visual information during long page loads
• issue #3768: Some themes do not allow for a way to see which user is currently signed in
• issue #3769: When viewing tables, allow users to force all columns to be visible
• issue #3770: Column sizing is being lost between pages refreshes
• issue #3771: When viewing input methods table, no ID is shown to help identify which method is being viewed
• issue #3775: Filters do not always respect using keyboard to initiate searching
• issue #3778: When exporting a data query, an invalid column name error can sometimes be shown
• issue #3781: When checking if a view is allowed, having no session can result in errors
• issue #3782: When removing devices via the CLI, undefined variable errors may be seen
• issue #3786: Real Time Graphs may cause invalid index errors
• issue #3790: On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
• issue #3793: Plugin setup can generate errors when reading options via system function
• issue #3809: Plugin version numbers can be unexpectedly truncated
• issue #3815: When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
• issue #3820: When removing multiple items, selection process does not always work
• issue #3821: When exporting colors, the indicator is not always removed upon completion
• issue #3825: Unable to pass tree and leaf ID to 'graph_button' hook
• issue #3827: When performing maintenance, various errors may sometimes be seen
• issue #3828: When Guest User setting is active, current user is not always properly set
• issue #3831: When installing Cacti, minor errors in text can be seen
• issue #3835: Numbers are not always formatted properly when there are no decimal places
• issue #3836: When viewing Real Time Graphs, an undefined index error may be recorded
• issue #3844: Minor memory leaks and refresh issues when zooming on graphs
• issue #3847: Real Time Graphs may sometimes fail due to folder permissions
• issue #3849: Navigation can sometimes occur unexpectedly due to background timers
• issue #3850: Trees management screen not reporting correct number of trees
• issue #3858: Tree sequences can sometimes skip numbers during resorting
• issue #3862: Guest user selection should not allow setting the currently logged in user
• issue #3864: Links in Table Headers do not show clearly when in modern theme
• issue #3868: Under some cases tree logic leads to undefined index errors
• issue #3869: Cacti Data Debug can show errors if the Data Source is damaged or has been removed
• issue #3871: When importing a data query, an invalid column name error can sometimes be shown
• issue #3874: When using shift functions on graphs, negative values are not allowed
• issue #3881: Correct issue when file is unreadable reporting no file was specified
• issue #3883: Orphaned Plugins have no option to be removed
• issue #3884: Update MySQL recommendations for Character Set and Colation
• issue #3888: Correct sorting of IP addresses to be numeric not alpha by JamesTilt
• issue #3890: Saving a device should not always repopulate the poller cache
• feature: Update FontAwesome to Version 5.14

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

v1.2.14

Release of Cacti 1.2.14

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

If you are using 1.3.x via the develop branch then you may see notices in your
log files about PHP versions if you are running an outdated version of PHP.

In a week or two, we will be moving the minimum supported version of PHP forward
to be able to take advantage of newer PHP functionality including typing,
mutable datetime variables, etc.

This will [b]NOT[/b] affect the current 1.2.x branch which will continue to
receive patches whilst this development work is in progress.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• issue #3676: Device not showing up in device page but showing up in Monitor tab
• issue #3678: More or Equal incorrect highlighting max_heap_table_size and tmp_table_size
• issue #3694: Spikekill percent is converted from percent to decimal twice, making it 1/100 of the true size
• issue #3713: When sorting data debug checks by user, no results are shown and errors recorded
• issue #3719: When tooltip is too long, the scroll bar exists, and cannot be scrolled, which makes the tooltip be hided
• issue #3723: Improper escaping of error message leads to XSS during template import preview
• issue #3728: Invalid uptime is not handled properly
• issue #3737: Poller functions may not run if 'processes' table is missing
• feature #3615: Poller keeps using old IP address for a device

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

v1.2.13

Release of Cacti 1.2.13

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

With this release, there are a number of CVE's that have been addressed. We would like to take this moment to thank those who have contributed to Cacti with special mention to:

Mayfly277
ddb4github
yingbaiibm
DavidLiedke
kim-fitness
bmfmancini
riversdev0

The Cacti Group are made up of volunteers where all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or when visiting https://github.com/sponsors/Cacti

We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• security #3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
• security #3549: Lack of escaping on some pages can lead to XSS exposure
• security #3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
• security #3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
• security #3628: Lack of escaping on template import can lead to XSS exposure
• issue #3517: When generating reports, function looping can occur resulting in 100% cpu usage
• issue #3525: When viewing Graphs, zoom functionality prevents drag and drop of image
• issue #3527: When using 95th Percentiles, undefined index errors can be generated
• issue #3532: When using Realtime, if no graph contents are present an error is generated
• issue #3533: When exporting data, Start date for RRDfile does not match start date of first data row
• issue #3536: When using Navigation Menu, Show/Hide in Response mode does not always work
• issue #3538: When using Realtime, race conditions between browser and function loading can occur
• issue #3543: When exporting CSV data, Unicode prefix is not properly set
• issue #3551: Authentication can fail when using Web Basic Authentication and Template User
• issue #3553: When attempting to view an aggregate graph that does not exist, many errors are generated
• issue #3563: Current orphan handling disrupts graphing transient indexes
• issue #3566: Automation incorrectly attempts to use MacTrack to duplicate options
• issue #3567: When Boost runs, locks are not always released properly and crash is detected
• issue #3569: Invalid font results in large number of log entries
• issue #3571: Correct various runtime errors due to incorrect message variables
• issue #3574: Saving Graph Template Items take a long time on large systems
• issue #3577: Hosts are being incorrectly filtered when first displaying with filter set to all
• issue #3579: Graphs can incorrectly show as 'Empty Graph'
• issue #3581: Realtime graph window is not resizing properly
• issue #3588: Validation warnings are generated when viewing/editing devices
• issue #3594: Automation hangs for certain schedule types
• issue #3595: Template to Device sync text is not consistent
• issue #3596: When importing template, resources aren't checked properly
• issue #3597: Template to Device sync provides no feedback
• issue #3598: When editing graphs and graph templates, back button results in broken page
• issue #3599: When downgrading, templates are fully selected for install
• issue #3601: When a device is down, instate can show wrong time
• issue #3607: When session timeout occurs, subsequent authorized access to areas can become blocked
• issue #3611: Allow CHANGELOG to be viewable from the GUI
• issue #3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
• issue #3614: When section tabs wrap, the title of the first section can become obscured
• issue #3624: When previewing graphs, sometimes the images fail to appear
• issue #3629: Log files are not rotated properly on remote pollers
• issue #3631: Command line scripts do not allow an unlimited runtime causing timeouts
• issue #3632: When mysql connection fails, various unexpected errors are recorded
• issue #3635: Automate generates undefined index errors when communicating with remote pollers
• issue #3639: When updating a device, duplicate entry errors occur when inserting to the database
• issue #3646: Adding datasource fails from CLI due to missing function
• issue #3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
• issue #3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
• issue #3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
• issue #3663: Disabling a Data Collector can cause unexpected errors
• issue #3668: When Input Field is in error, message reports field will be highlighted which is incorrect
• issue #3669: When adding an Input Field, the Input Method can be renamed unexpected
• issue #3673: Spikekill does not receive correct avgnan value when launching from GUI
• issue #3676: Device not showing up in device page but showing up in Monitor tab
• issue #3681: Item movement arrows do not properly align on all themes
• issue #3682: When in 'Time Graph View' mode, Zoom features do not work correctly
• feature #3611: Allow CHANGELOG to be viewable from the GUI
• feature #3647: When adding datasource fails from CLI, created Datasource ID should be printed
• feature #3666: Update jstree.js to 3.3.10
• feature #3688: Update phpseclib to 2.0.28

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

v1.2.12

Release of Cacti 1.2.12

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log

• security #3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
• issue #3422: When Graph Item is not linked to a data source, Comments do not always get variables substituted correctly
• issue #3424: Hosts are being incorrectly filtered when no location filter is set
• issue #3427: When exporting to a CSV with unicode characters, contents can become garbled
• issue #3429: When using SNMP v3, Automation can report extraneous warnings
• issue #3432: Rare race condition exists when both boost and dsstats enabled
• issue #3434: When attempting to exploit Cacti using alert, unexpected errors can be seen
• issue #3436: Unable to login due to incorrect default of Cookie Domains in config.php.dist
• issue #3438: When upgrading to 1.2.11, installer can appear to stop at 42%
• issue #3447: SNMP Issues on recent version of PHP
• issue #3449: When viewing the installation wizard's directory permission step, items are overlapping unexpectedly
• issue #3450: When installing Cacti under XAMPP and PHP 7.4, exceptions are being recorded and installation fails
• issue #3452: New Content-Security-Policy prevents External Links from being opened
• issue #3454: Cacti's Reports are not displaying messages correctly
• issue #3457: Graphs can not properly handle negative axis values
• issue #3459: When installing a new remote poller, connection tests can incorrectly fail
• issue #3460: Addtional changes to allow plugin folder/display names to be handled better by ddb4github
• issue #3462: Increase default memory limit for cli scripts to prevent runtime memory issues
• issue #3463: When listing VDEF's, selecting 'has graph' can cause unexpected exceptions in logs
• issue #3468: Graph rules cannot be created for automation
• issue #3474: The SSL option to set the SSL_CA should be optional for Client Connections
• issue #3477: Boost leaking memory when a large number of Data Sources disabled
• issue #3478: Reindexing can sometimes run longer than expected
• issue #3479: When viewing the Data Query table interface, the Data Input Method should be right aligned
• issue #3483: When recording log entries, cacti should default to hyphenated date format
• issue #3484: When editing SNMP v3 passwords, previous setting is not obfuscated
• issue #3488: In automation, when viewing an 'SNMP option set', the private passphrase is in clear
• issue #3495: When installing templates, default 'all' selection will reset all existing graphs, removing customisations
• issue #3496: Graph Items can show a double percent sign incorrectly
• issue #3502: When viewing Graphs, can not switch between list, preview and tree submodes
• issue #3504: Viewing graphs before the poller has run for the first time can produce unexpected errors
• issue #3505: When viewing graph previews, clicking Go or Refresh prevents calendars from working
• issue #3506: After successfully logging in, a user can become automatically logged out again
• issue #3507: Changes to JavaScript's Storage API cause exceptions to be thrown
• issue #3510: Only guests can actually guest only pages, logged in users are denied access incorrectly
• issue #3512: When plugins update, registered files list cannot always be updated
• issue #3520: When viewing graphs, shifting time does not work when using non-english languages
• feature #3480: Created 'custom_denied' hook to allow customisation of permission denied notifications
• feature #3498: Update js.storage.js to 1.1.0
• feature #3499: Update jstree.js to 3.3.9
• feature #3500: Update phpseclib to 2.0.27

Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group

v1.2.11

Release of Cacti 1.2.11

Thank you everyone who are using Cacti and especially those helping to make Cacti better! This release includes a few new features as an attempt to make forward progress on our roadmap, without introducing new bugs. So, the features introduced were those that had a lower risk of introducing undesirable behavior.

The team now hopes to focus more on our next major release while at the same time recognizing that additional issues exist that remain to be solved, and that new issues are likely to continue to be identified by the Cacti community. We will address those in the 1.2.x branch as before, but releases from the 1.2.x branch should decrease.

For additional details check out the README located on GitHub.

IMPORTANT: This release addresses a few minor security issues that should be noted. See the changelog below for details.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Change Log

-security#1566: Add SameSite support for cookies
-security#1985: Cookie should be properly verified against password
-security#3342: CSRF at Admin Email
-security#3343: Improper Access Control on disabling a user.
-security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
-issue#2265: When attempting to save Graph field, query_ifSpeed is not properly validated
-issue#2400: Allow ability to duplicate site settings
-issue#2428: Make plugins non-case sensitive for folder names, whilst allowing nicer display names
-issue#2580: When running DSSTATS, system isn't properly detecting that another is already running
-issue#2853: Discovered Devices filtering do not include snmp description or name
-issue#3231: Allow user to unlock a tree that has been locked for editing by another
-issue#3237: Report gets resent every poller cycle
-issue#3247: Language source files do not update "PO-Revision-Date" attribute
-issue#3261: Automation rules aren't run for new devices on remote data collectors
-issue#3296: Bad PHP memory limit values can result in failed upgrades
-issue#3299: When using php-snmp and setting SNMPv3, warning is now shown as library does not support it properly
-issue#3303: When installing under Windows OS, path expansion is not converted to PHP required format
-issue#3310: When using 32-bit OS, automation errors can be seen due to subnet mask calculations
-issue#3312: Console menu does not auto-expand for graph item editor page
-issue#3313: When installing, multiple issues can be seen due to bad packages
-issue#3314: Script Server has invalid debug code left in
-issue#3317: Warnings can appear from CSRF Magic library due to multiple token values being found
-issue#3319: Errors can occur upgrading from 0.8.x due to incorrectly detected data source profile id
-issue#3322: When searching for LDAP accounts, allow recursive searching
-issue#3330: Packages that are not properly formatted can cause installation issues
-issue#3334: When upgrading from 0.8.x Automation SNMP Options should be populated
-issue#3335: Unable to hide Device based Aggregate Graphs on Tree
-issue#3336: Plugins need the ability to relax some content security policies in order to work properly
-issue#3340: Undefined variable warning can appear when using 95th percentile graphs
-issue#3341: MoTranslator does not appear to be handing null values properly
-issue#3345: When attempting to refresh datetime picker, unexpected results can appear
-issue#3346: When attempting to rewrite octet strings, extra space breaks pattern matching
-issue#3348: When attempting to handle Orphans and/or Sync Graphs, results are not as expected
-issue#3349: Prevent setting the PHP variable max_input_vars since it is read only
-issue#3350: When editing a data source template, inconsistent results can be seen due to database query
-issue#3355: When viewing raw graph data via the GUI, values are not always calculated correctly
-issue#3357: Tree Search textbox resizes to 0 in some cases
-issue#3360: When using guest accounts, after several timeouts result in refreshes, guest becomes logged out
-issue#3363: The current user and user group permissions pages are not responsive
-issue#3367: When Data Queries timeout, data is removed from the Host SNMP Cache table causing issues
-issue#3368: Saving a Graph Template Item fails due to missing includes
-issue#3373: When logging in via LDAP, ActiveDirectory would sometimes report insufficient access
-issue#3375: When polling more often than default period of collecting data, distribution of collected data was not
occurring
-issue#3376: Improve speed when recovering from a poller from offline state
-issue#3378: When attempting to check whether to include MoTranslator, typo makes it appear unavailable
-issue#3380: php error when trigger threshold sendmail
-issue#3386: Second data collector shows as running when its has no items to gather
-issue#3387: Minor corrections to CSRF Magic
-issue#3388: Naming of CLI programs does not always match name used within syntax usage advice
-issue#3390: Incorrect breadcrumb bar if current tab is not "Graphs"
-issue#3402: Cacti scores low on performance audit on lighthouse audit
-issue#3408: CSRF Secret path is not passed properly when attempting to initialize secret
-issue#3409: Issues with navigation link activations to other base Cacti pages
-issue#3410: Zoom looses focus in advanced mode while crossing chart border
-issue#3411: When upgrading a primary server, full synchronization is not happening as expected
-issue#3412: When upgrading a primary server, automation templates are removed
-issue#3413: When upgrading and choosing to upgrade your packages, installer finishes without package data in log
-feature#1551: Allow system uptime to be a variable for use with graphs
-feature#1990: Plugin Realm should have a 'role' to help maintain changes between plugins
-feature#2110: Add Refresh Interval to Data Collectors display
-feature#2156: Add Location based filtering
-feature#2236: Allow for Purging of Data Source Statistics from the GUI
-feature#2268: Restore ability to duplicate a data profile
-feature#2534: Enhance table navigation bars to support systems with larger number of items
-feature#2688: Increase length of Graph Item 'value' field to support pango-markup better
-feature#3304: Allow Basic Auth Accounts to be mapped by CSV file
-feature#3366: Make form elements under checkbox_groups flow using flex grid style
-feature#3374: Set the domain attribute to secure cookies for the 'remember me' option
-feature#3403: Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings

v1.2.10

Release of Cacti 1.2.10

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

IMPORTANT: This release addresses one new CVE that was reported. For more information see the changelog.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Change Log

-security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
-issue#3240: When using User Domains, global template user is used instead of the configured domain template user
-issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
-issue#3246: When upgrading with remote collectors, sync status does not always return properly
-issue#3250: When PHP memory limit is set to -1, recommendation value fails
-issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
-issue#3254: Installer shows script owner rather than running user for suggested chown command
-issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
-issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
-issue#3274: When editing a tree, multiple device drag/drop does not work
-issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
-issue#3277: When boost does not find an initial time, numeric errors can be raised
-issue#3281: When changing Graph Template options, incorrect image format may be selected
-issue#3282: Graph's can be sized incorrectly if image is SVG format
-issue#3283: When setting a file path, valid characters not recognised properly
-issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
-issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
-issue#3289: When using CMD.PHP, poller id is not always shown properly
-issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
-issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github
-issue#3302: Editing a Graph Template does not show the Data Template name

v1.2.9

Release of Cacti 1.2.9

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

IMPORTANT: This release addresses two CVE's that were reported. For more information see the changelog.

Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Change Log

-security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
-security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
-issue#2937: Devices still show in lists despite being deleted
-issue#3038: When editing an aggregate on smaller screens, layout may not be correct
-issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
-issue#3142: Chrome sets graphs tree navigation view to width 0px
-issue#3146: Unable to create aggregate graphs on new installations
-issue#3149: After refresh of page, tooltips stop working
-issue#3150: When using Time Graph View, Zooming can cause errors
-issue#3151: Passing glue string after array is deprecated in PHP 7.4
-issue#3155: Aggregate does not correctly follow color template when reordered
-issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
-issue#3157: Back button not working properly with Classic theme
-issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
-issue#3159: PHP Memory is not correctly identified when value is not in megabytes
-issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
-issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
-issue#3165: Zoom looses its focus after all graphs on page rendered
-issue#3166: When changing zoom level, graphs are resized inappropriately at the end
-issue#3167: Installer should initialize the csrf-secret.php file automatically
-issue#3168: sqltable_to_php.php script does not pick up row_format
-issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
-issue#3178: The change password page is not displaying the rules
-issue#3180: Receiving undefined index errors when working with some Data Queries
-issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
-issue#3182: When a database connection error occurs, there is no way to report actual error
-issue#3184: Improve program path detection by using system path and PHP_BINDIR
-issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
-issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
-issue#3200: Unable to mass change Graph Template image format in mass
-issue#3206: Converted aggregate graph cannot be edited
-issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
-issue#3216: When editing a Data Source Profile size is shown as 'N/A'
-issue#3224: When removing graphs by command line, regex is not properly validated when empty
-issue#3225: Unable to Import Templates due to invalid dependency hash
-issue#3226: When processing secpass login, failed logins are not recorded
-issue#3228: Login page does not remember the last realm used by user
-issue#3232: When editing HRULE and VRULE items, color selector was not presented
-issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
-issue#3235: Transient errors may occur with table poller_output_boost_arch