Release Notes - 0.8.6j
Important Security Fixes
Multiple security vulnerabilities have been discovered in Cacti's PHP-based poller. See below for additional information.
- CVE-2006-6799: Cacti Command Execution and SQL Injection Vulnerabilities
It is highly recommended that all users upgrade immediately. For users whom are unable to upgrade, two different patches have been provided.
Important Bug Fixes
A few minor bugs have been fixed in this release. See the changelog below for complete details.
No SQL changes have been made in this release.
bug#0000842: SNMPv3 password field does not check if entered passwords match.
bug#0000848: Fix "PHP Script Server communications lost" error in the poller under high network load.
bug#0000859: User log "purge" now keeps the last successful login.
bug#0000861: Use downed host detection even when the SNMP community is blank.
bug#0000864: Apply natural sort to graph items in the tree.
bug#0000867: Apply various cleanups to poller.php and lib/poller.php.
bug#0000870: Add sorting to the graph templates list on the "Change Graph Template" page.
bug#0000877: Fix issue that caused PHP 5.2.0 to break the Windows cmd.php poller.
bug#0000882: Add "collapsible" branches to the graph tree editor.
bug#0000883: Fix exploit in cmd.php with register_argc_argv enabled in PHP.
bug#0000884: Add bottom navigation bar to graph viewing.
bug#0000885: Fix issue causing spaces to be removed when importing/exporting data input methods.
bug#0000886: Allow SNMP ping to utilize the snmpgetnext call instead of snmpget.
bug#0000890: Fix issue with dec-vulnerability-poller patch breaking graph_view.php.
bug#0000892: Fix hostname sorting on the devices page for IP addresses.
bug#0000894: poller.php does not give any output with MySQL disabled in CLI's php.ini.
bug: Template export produces invalid XML escaped character encoding.
bug: Data queries were not sorted properly during initial display.
bug: Apply various graph changes required for Boost plugin.
bug: If your system has no hosts or graphs, you would get a warning when creating new graphs.
bug: If using the CGI version of PHP, the script server risked not starting properly.