Release Notes - 0.8.6e
Important Security Fixes
Additional checks have been added to prevent potential SQL injection attacks from unchecked user input. Additionally, two security holes regarding potential cross site scripting attacks have been closed. Both of these vulnerabilities have been disclosed by the iDEFENSE security group.
Important Bug Fixes
The minimum and maximum value fields for data sources now allow unknown values (U) which can be used to represent an undefined upper or lower bound.
Data input method field checking is now handled properly for data templates. This bug was responsible for causing the infamous "Duplicate data source" error in previous versions.
When running a poller with many concurrent processes, gaps would appear on the graphs for certain users. The code responsible for this bug has been removed from the poller.
Multiple issues with RRDtool 1.2 support were addressed related to the graph zoom feature, fonts, and graphs using the STACK item.
Basic filtering functionality has been added to the devices screen which should make it more manageable for large installations.
Additional support for RRDtool 1.2 fonts has been added to both the global and user settings screens.
When deleting a device, if data sources are kept, they are now disabled to prevent issues with the poller. In addition, the ability to enable and disable data sources has been added to the user interface.
This version introduces multiple SQL changes that users should be aware of. While none of these changes are major, creating a backup of your Cacti database prior to upgrading is always recommended. The individual changes are listed below.
- Quite a few unused indexes have been dropped for performance and storage reasons.
- Changes have been made to the graph and data source tables to allow for logarithmic upper and lower bounds.
- A few indexes have been added to the graph tree tables to help improve the rendering time of the graph tree.
- A few indexes have been added to help the performance of the "Clear Poller Cache" function.
Update 06/22/2005: For users of RRDtool 1.2, version 1.2.2 or higher is required in this version. This is due to additional support that has been added for RRDtool 1.2.
bug#0000143: Allow the user to enter 'U' for unknown minimum and maximum data source input values.
bug#0000377: Fix logarithmic graph creation issues.
bug#0000392: Implement caching to reduce the number of SQL queries needed to render the graph tree.
bug#0000402/#0000457: Allow bounds to be set properly for logarithmic graph creation.
bug#0000428: Unable to try login again after Access Denied.
bug#0000450: Force strict checking for data query parsing to prevent numeric values from being incorrectly handled.
bug#0000453: SPAN tag between each character of GraphTitle in Graph Management.
bug#0000458: Generate and error message and exit poller.php if the cactid binary path is invalid.
bug#0000463: Fix Syslog logging of poller statistics.
bug#0000464: Remove dates from Syslog generated messages.
bug#0000465: Allow for the mass resize of graphs.
bug#0000471: Remove the graph 'Settings' tab if the user is not allowed to save graph settings.
bug#0000478: Validate field input values on the Data Templates page. Prevent duplicate data template items from appearing as a result of this bug.
bug#0000481: Add several checks to prevent PHP errors when parsing data query XML files.
bug: Graph zoom feature had incorrect bounding box when using RRD 1.2.x
bug: Speed the generation of the Tree View Dual Pane by caching the Tree to a local session variable.
bug: Handle STACK graph items properly in RRDtool 1.2.
bug: Prevent data query recaches if the device returns empty input.
bug: Fix potential issues with graph gaps when using a large number of poller processes.
bug: Fix issues when zooming with new RRDtool 1.2 title fonts with a point size other than 10.
bug: Fix issues when zooming outside of the select areas causing a broken graph
bug: Fix issues experienced when users attempted to create custom graphs and thousands of data sources exist
feature: Add ability to filter by host status as well as add ability to filter accross both description and hostname
feature: Add additional options to control RRDtool 1.2 fonts.
feature: Allow the user to Enable/Disable Data Sources from the user interface and automatically disable hosts when deleting a device.
feature: Add Data Source information to the Cacti Log File to assist with troubleshooting.
feature: Add html links to both hosts and data sources in the Cacti Log File.
security: Fix several remote inclusion bugs that were exploitable when PHP's 'register_global' feature is turned on [IDEF0941], [IDEF1023], [IDEF1024].
security: Fix several SQL injection bugs due to improper input validation [IDEF1001].