latest version: 0.8.8c
 
 Cacti (home)ForumsRepositoryDocumentation

Cacti: The complete RRDTool-based graphing solution.
 
Latest Files
cacti-0.8.8c.tar.gz...
cacti-0.8.8c.zip...

Information
What is Cacti?
Features
Changelog
Screen Shots

Downloads
Download Cacti
Official Patches

Spine (Cactid)
Information
Changelog
Download
Official Patches
Installation

Development
Road Map
SourceForge
SVN Repository
Browse SVN
Report a Bug

Support
Documentation
Forums
Mailing Lists
FAQ

Donate
Support Cacti
Contributers

Release Notes - 0.8.7f

Important Security Fixes

  • SQL injection and shell escaping issues reported by Bonsai Information Security (http://www.bonsai-sec.com)
  • Cross-site scripting issues reported by VUPEN Security (http://www.vupen.com)
  • MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability (http://php-security.org)

Important Bug Fixes and Features

There are quite a few bug fixes in the 0.8.7f release. Some highlights include:

  • Fixed various issues with exporting and importing templates that contain special characters
  • Fixed condition that could cause RRDtool to segfault
  • Many fixes to html generation and presentation

Important Notices

  • Boost 4.0 Plugin is required to work with Cacti 0.8.7f

Changelog

security: SQL injection and shell escaping issues reported by Bonsai Information Security (http://www.bonsai-sec.com)
security: Cross-site scripting issues reported by VUPEN Security (http://www.vupen.com)
security: MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability (http://php-security.org)
bug#0001125: XML parse error on template import with degree symbol
bug#0001311: Access denied for graph-only users when accessing index.php directly
bug#0001366: Exported data templates do not import special characters properly
bug#0001416: Graph Export fails with EXPORT FATAL ERROR: Export path /some/path/root/export is within a system path /root. Can not continue.
bug#0001452: Missing "<" and ">" in "Collection Methods=>Data Input Methods=>"Input String" after importing template
bug#0001461: Data query export/import fails
bug#0001492: RRDTool 1.3 series fonts (fontconfig) support
bug#0001506: Reindexing fails due to global include issue in lib/snmp.php
bug#0001522: Special characters break parsing of template data
bug#0001524: Export graphs and Classical Presentation does not honor per graph export rules
bug#0001528: ICMP Ping availabilty broken in UI for Windows Servers using IIS
bug#0001535: No display of parent ID in tree nodes for CLI tree add script
bug#0001543: All graphs are exported dispite graph export rules
bug#0001549: Function array_to_sql_or creates poor sql where clauses
bug#0001557: Quotes in Text Format graph template field break graph rendering
bug#0001587: 64bit HEX Strings don't convert to Decimal on 32bit Systems
bug#0001604: HEX Counter values enclosed in quotes not recognized as HEX
bug#0001609: Script server timeout too aggressive with 10 second poller interval
bug#0001628: Inconsistent message for Change SNMP Options related to available buttons
bug#0001695: Suppress deprecated warnings in Cacti code
bug#0001725: PHP Fatal Error while trying to add a tree node via cli
bug: When creating new graphs without a data source, print error to user instead of throwing php error
bug: Browser query string does not contain arguments
bug: Function inject_form_variables does not operate if more than 1 variable needs replacing
bug: Script imposed memory limits cause issues with some scripts
bug: Turn off process leveling if there are not enough poller items to substantiate it
bug: Add device should allow no-snmp type devices
bug: Firefox Autocomplete causes issues with password validation
bug: Access Denied messages don't allow re-direction to login page
bug: When clearing filter on new-graphs don't clear host or template
bug: When clearing filter, reset page to 1 for all queries
bug: Graph List selectors do not persist between pages
bug: allow empty [upper|lower]_limit even without autoscaling
bug: Availability method Ping or SNMP generates meaningless warnings
feature: Add logging to SQL Save error handling
feature: Add utility to convert database to InnoDB
feature: Return nav as the title for the page
feature: Detect and correct for RRDtool segfaults
feature: Add rra_id for hosts and graphs to be used during tree export
feature: Make the Graphs pages render like the rest of Cacti
feature: Convert base Cacti UI to use buttons and not images
feature: Make poller sane so that it can be used by other cacti processes
feature: Add snmp timeout warnings for lib/snmp.php
 
 
 
Copyright © 2004-2012 The Cacti Group, Inc. - Cacti is the registered trademark The Cacti Group, Inc.


PHP      RRDTool