Thank you to everyone who is using Cacti, and especially to those helping to make Cacti better!
For additional details check out the README located on GitHub.
With this release, a number of CVEs have been addressed. We would like to take this moment to thank those who have contributed to Cacti, with special mention to:
Mayfly277
ddb4github
yingbaiibm
DavidLiedke
kim-fitness
bmfmancini
riversdev0
The Cacti Group is made up of volunteers, and all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or by visiting https://github.com/sponsors/Cacti
We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.
Contribute
Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!
Cacti Change Log
- security#3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
- security#3549: Lack of escaping on some pages can lead to XSS exposure
- security#3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
- security#3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
- security#3628: Lack of escaping on template import can lead to XSS exposure
- issue#3517: When generating reports, function looping can occur resulting in 100% cpu usage
- issue#3525: When viewing Graphs, zoom functionality prevents drag and drop of image
- issue#3527: When using 95th Percentiles, undefined index errors can be generated
- issue#3532: When using Realtime, if no graph contents are present an error is generated
- issue#3533: When exporting data, Start date for RRDfile does not match start date of first data row
- issue#3536: When using Navigation Menu, Show/Hide in Response mode does not always work
- issue#3538: When using Realtime, race conditions between browser and function loading can occur
- issue#3543: When exporting CSV data, Unicode prefix is not properly set
- issue#3551: Authentication can fail when using Web Basic Authentication and Template User
- issue#3553: When attempting to view an aggregate graph that does not exist, many errors are generated
- issue#3563: Current orphan handling disrupts graphing transient indexes
- issue#3566: Automation incorrectly attempts to use MacTrack to duplicate options
- issue#3567: When Boost runs, locks are not always released properly and crash is detected
- issue#3569: Invalid font results in large number of log entries
- issue#3571: Correct various runtime errors due to incorrect message variables
- issue#3574: Saving Graph Template Items takes a long time on large systems
- issue#3577: Hosts are being incorrectly filtered when first displaying with filter set to all
- issue#3579: Graphs can incorrectly show as 'Empty Graph'
- issue#3581: Realtime graph window is not resizing properly
- issue#3588: Validation warnings are generated when viewing/editing devices
- issue#3594: Automation hangs for certain schedule types
- issue#3595: Template to Device sync text is not consistent
- issue#3596: When importing template, resources aren't checked properly
- issue#3597: Template to Device sync provides no feedback
- issue#3598: When editing graphs and graph templates, back button results in broken page
- issue#3599: When downgrading, templates are fully selected for install
- issue#3601: When a device is down, instate can show wrong time
- issue#3607: When session timeout occurs, subsequent authorized access to areas can become blocked
- issue#3611: Allow CHANGELOG to be viewable from the GUI
- issue#3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
- issue#3614: When section tabs wrap, the title of the first section can become obscured
- issue#3624: When previewing graphs, sometimes the images fail to appear
- issue#3629: Log files are not rotated properly on remote pollers
- issue#3631: Command line scripts do not allow an unlimited runtime causing timeouts
- issue#3632: When mysql connection fails, various unexpected errors are recorded
- issue#3635: Automate generates undefined index errors when communicating with remote pollers
- issue#3639: When updating a device, duplicate entry errors occur when inserting to the database
- issue#3646: Adding datasource fails from CLI due to missing function
- issue#3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
- issue#3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
- issue#3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
- issue#3663: Disabling a Data Collector can cause unexpected errors
- issue#3668: When Input Field is in error, message reports field will be highlighted which is incorrect
- issue#3669: When adding an Input Field, the Input Method can be renamed unexpectedly
- issue#3673: Spikekill does not receive correct `avgnan` value when launching from GUI
- issue#3676: Device not showing up in device page but showing up in Monitor tab
- issue#3681: Item movement arrows do not properly align on all themes
- issue#3682: When in 'Time Graph View' mode, Zoom features do not work correctly
- feature#3611: Allow CHANGELOG to be viewable from the GUI
- feature#3647: When adding datasource fails from CLI, created Datasource ID should be printed
- feature#3666: Update jstree.js to 3.3.10
- feature#3688: Update phpseclib to 2.0.28
http://www.cacti.net/issues.php
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group