Thank you everyone who are using Cacti and especially those helping to make Cacti better!
For additional details check out the README located on GitHub.
IMPORTANT: There have been a number of security issues that have been addressed in this release. It is
advised to upgrade all existing platforms to this release as soon as possibly to avoid possible issues.
Along with the release of Cacti 1.2.27, several plugins have been updated/added so please check out
Thold (v1.8), MacTrack (v4.7) and the new ServCheck (v0.1) on their github repositories.
We would personally like to thank @xmacan for all his efforts, especially with the new ServCheck, as well
as all the users of Cacti who are contributing to the community on GitHub and in the forums. You know who
you are.
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Cacti Change Log
- security#GHSA-37x7-mfjv-mm7m: Authentication Bypass when using using older password hashes
- security#GHSA-7cmj-g5qc-pj88: RCE vulnerability when importing packages
- security#GHSA-cx8g-hvq8-p2rv: RCE vulnerability when plugins include files
- security#GHSA-gj3f-p326-gh8r: SQL Injection vulnerability when using tree rules through Automation API
- security#GHSA-grj5-8fcj-34gh: XSS vulnerability when using JavaScript based messaging API
- security#GHSA-jrxg-8wh8-943x: SQL Injection vulnerability when using form templates
- security#GHSA-p4ch-7hjw-6m87: XSS vulnerability when reading tree rules with Automation API
- security#GHSA-rqc8-78cm-85j3: XSS vulnerability when managing data queries
- security#GHSA-vjph-r677-6pcc: SQL Injection vulnerability when retrieving graphs using Automation API
- issue#5622: Improve PHP 8.3 support
- issue#5628: When importing packages via command line, data source profile could not be selected
- issue#5629: When changing password, returning to previous page does not always work
- issue#5636: When using LDAP authentication the first time, warnings may appear in logs
- issue#5638: When editing/viewing devices, add IPv6 info to hostname tooltip
- issue#5645: Improve speed of polling when Boost is enabled
- issue#5648: Improve support for Half-Hour time zones
- issue#5649: Improve support of ping on Windows
- issue#5655: When user session not found, device lists can be incorrectly returned
- issue#5660: On import, legacy templates may generate warnings
- issue#5661: Improve support for alternate locations of Ping
- issue#5662: Improve PHP 8.1 support for Installer
- issue#5669: Fix issues with number formatting
- issue#5677: Improve PHP 8.1 support when SpikeKill is run first time
- issue#5693: Improve PHP 8.1 support for SpikeKill
- issue#5696: When using Chinese to search for graphics, garbled characters appear.
- issue#5701: When importing templates, preview mode will not always load
- issue#5720: When remote poller is installed, MySQL TimeZone DB checks are not performed
- issue#5723: When Remote Poller installation completes, no finish button is shown
- issue#5725: Unauthorized agents should be recorded into logs
- issue#5726: Poller cache may not always update if hostname changes
- issue#5727: When using CMD poller, Failure and Recovery dates may have incorrect values
- issue#5731: Saving a Tree can cause the tree to become unpublished
- issue#5732: Web Basic Authentication does not record user logins
- issue#5733: When using Accent-based languages, translations may not work properly
- issue#5743: Fix automation expressions for device rules
- issue#5748: Improve PHP 8.1 Support during fresh install with boost
- feature#5692: Add a device "enabled/disabled" indicator next to the graphs
- feature#5710: Notify the admin periodically when a remote data collector goes into heartbeat status
- feature#5716: Add template for Aruba Clearpass
- feature#5730: Add fliter/sort of Device Templates by Graph Templates
http://www.cacti.net/issues.php
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group