Release of Cacti 1.2.10

Important information about Cacti developments that all users should be interested in.

Moderators: Developers, Moderators

Locked
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Release of Cacti 1.2.10

Post by netniV »

Subject: Release of Cacti 1.2.10

Body:
Release of Cacti 1.2.10

Thank you everyone who are using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

IMPORTANT: Prior to this release, 1.2.10, a flaw existed which allowed a malicious actor to execute remote code by use of Guest Accounts with Real Time Access.

This can be countered using any of the following:
  • Ensure PHP greater than 7.1
  • Disabled Guest Account
  • Disabled Guest access to Real Time Graphs
  • Use Cacti 1.2.10+


Contribute

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

Cacti Change Log
  • security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
  • issue#3240: When using User Domains, global template user is used instead of the configured domain template user
  • issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
  • issue#3246: When upgrading with remote collectors, sync status does not always return properly
  • issue#3250: When PHP memory limit is set to -1, recommendation value fails
  • issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
  • issue#3254: Installer shows script owner rather than running user for suggested chown command
  • issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
  • issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
  • issue#3274: When editing a tree, multiple device drag/drop does not work
  • issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
  • issue#3277: When boost does not find an initial time, numeric errors can be raised
  • issue#3281: When changing Graph Template options, incorrect image format may be selected
  • issue#3282: Graph's can be sized incorrectly if image is SVG format
  • issue#3283: When setting a file path, valid characters not recognised properly
  • issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
  • issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
  • issue#3289: When using CMD.PHP, poller id is not always shown properly
  • issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
  • issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent by ddb4github
  • issue#3302: Editing a Graph Template does not show the Data Template name
Reporting Issues

http://www.cacti.net/issues.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php


Thanks!
The Cacti Group
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Locked

Who is online

Users browsing this forum: No registered users and 2 guests