Cacti (home)ForumsRepositoryDocumentation

Official Cacti Documentation Site

Cacti Docs user ids are linked to your http://bugs.cacti.net account.

Release of Cacti 0.8.8c

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8c
  • Spine 0.8.8c

Important Security Fixes

  • CVE-2013-5588 - XSS issue via installer or device editing
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • CVE-2014-2326 - XSS issue via CDEF editing
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 - XSS issues in multiple files
  • CVE-2014-5025 - XSS issue via data source editing
  • CVE-2014-5026 - XSS issues in multiple files

Important Updates

  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

Cacti 0.8.8c Change Log

  • bug#0002228: GPL incompatible files included in Cacti project in include/treeview
  • bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
  • bug#0002385: Cannot export host templates while including dependencies
  • bug#0002386: cli/upgrade_database.php is missing the last two releases
  • bug#0002390: Poller/script issue with slash and backslash
  • bug#0002405: SQL injection in graph_xport.php
  • bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
  • bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
  • bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  • bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
  • bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
  • bug#0002446: Subtract plugin processing time from Poller sleep time
  • bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
  • bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
  • bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
  • bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
  • bug: Fix issues when SNMP data holds a ”=”; “explode” must be treated accordingly
  • bug: Fix filter highlighting on data sources for the data template field
  • bug: correct description of SNMP V3 parameters
  • feature: Added native jquery, jqueryui, and jstree
  • feature: Fixed issues with 'Clear' under preview not working
  • feature: Added new Tree navigation
  • feature: Added Columns and Thumbnails to Preview
  • feature: Added Columns to Tree (Preview only)
  • feature: Both Graphs and Columns default to 'Default'
  • feature: Resolved Left hand navigation taking entire page
  • feature: Added new graph zoom to tree view and preview offering a “quick” (default) and an “advanced” mode

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group

http://forums.cacti.net/viewtopic.php?f=4&t=53725

Linegod 2014/11/24 00:14

Release of Cacti 0.8.8b

Release of Cacti 0.8.8b

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8b
  • Spine 0.8.8b

Cacti 0.8.8b Change Log

  • bug: Fixed issue with custom data source information being lost when saved from edit
  • bug: Repopulate the poller cache on new installations
  • bug: Fix issue with poller not escaping the script query path correctly
  • bug: Allow snmpv3 priv proto none
  • bug: Fix issue where host activate may flush the entire poller item cache
  • security: SQL injection and shell escaping issues

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

Linegod 2013/08/06 23:20

Predict Plugin

User Herve Donati has contributed the Predict plugin, which used the PREDICT RRDtool feature, allowing for future predictions.

Check it out.

Linegod 2012/11/07 01:08

Release of Cacti 0.8.8a

We the Cacti Group are proud to release the following:

   Cacti 0.8.8a
   Spine 0.8.8a

The Plugin Architecture is now part of the official Cacti release!

Read more at http://forums.cacti.net/viewtopic.php?f=4&t=47167

Release of Cacti 0.8.8

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8
  • Spine 0.8.8

The Plugin Architecture is now part of the official Cacti release!

Read the full announcement: http://forums.cacti.net/viewtopic.php?f=4&t=46926

Cacti Forums compromised

On Friday December 16th 2011 we were informed by a very nice person that they where able to retrieve the users table for the Cacti forums.

Read more at this post: http://forums.cacti.net/viewtopic.php?f=21&t=45953

Linegod 2011/12/19 17:55

Release of Cacti 0.8.7i

We the Cacti Group are proud to release the following:

  • Cacti 0.8.7i
  • Spine 0.8.7i
  • Cacti 0.8.7i with Plugin Architecture version 3.1

Note with this release we are no longer making people patch Cacti to use the Plugin Architecture. We did the work for you and now provide a completely patched release of Cacti with Plugin Architecture version 3.1.

View the bug fixes and enhancements at this forum post

Release of Cacti 0.8.7h

We the Cacti Group are proud to release the following:

  • Cacti 0.8.7h
  • Spine 0.8.7h
  • Cacti Plugin Architecture 3.0 for Cacti 0.8.7h

View the bug fixes and enhancements at this forum post

Linegod 2011/09/26 01:04

Cacti 0.8.7h Beta Release

The Cacti Group is pleased to announce the beta release of:

  • Cacti 0.8.7h
  • Plugin Architecture 3.0 for Cacti 0.8.7h
  • Spine 0.8.7h

Please test the following in your TESTING environments. DO NOT INSTALL THIS IN YOUR PRODUCTION ENVIRONMENT.

Please report any bugs to http://www.cacti.net/bugs.php

For support issues, please post in the beta discussion thread.

Beta files can be downloaded from: http://www.cacti.net/downloads/beta/

Linegod 2011/03/13 10:52

Cacti Plugin Videos

TheWitness has created a couple of walk-through videos for pending 1.0 releases.

You can see them on the bottom of the aggregate and flowview pages

Linegod 2011/01/04 21:21

Wiki Upgrade

The wiki has been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=41266

Linegod 2011/01/02 14:22

Forum Upgrade

The Cacti Forums have been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=40082

Linegod 2010/09/26 18:12

Spine 0.8.7g Patches

The following patch was released on 2010/08/31

Unified patch that fixes multiple issues and improves windows support. The fixes include the following bugs:

  • bug#0001669: Problems with getting data from script using SPINE on Windows Server 2003 x32
  • bug#0001829: Wrong string numerical value got from Spine SNMP poller
  • bug: Net-snmp API issues cause spine crashes with some SNMP agents
  • bug: Host list not properly initialized
  • bug: Mutex locking issues cause deadlocks in Windows
  • bug: Escape windows type back slashes in scripts

The patch can be downloaded at http://www.cacti.net/spine_download_patches.php

A Windows binary has also been uploaded.

The Windows binary can be downloaded at http://www.cacti.net/downloads/spine/packages/Windows/cacti-spine-0.8.7g.zip

Older -->