Cacti (home)ForumsRepositoryDocumentation

Release of Cacti 0.8.8f

Release of Cacti 0.8.8f

We the Cacti Group are proud to release the following:
Cacti 0.8.8f
Spine 0.8.8f

Cacti 0.8.8f Change Log
bug:0002599: 0.8.8e Poller Script Parser is Broken
bug:0002600: cli/upgrade_database.php is missing releases
bug:0002603: Graph managment graphs.php save button does not work
bug:0002599: Poller Script Parser is Broken

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group

http://forums.cacti.net/viewtopic.php?f=21&t=54874

Linegod 2015/07/23 01:39

Release of Cacti 0.8.8e

Release of Cacti 0.8.8e

We the Cacti Group are proud to release the following and respectfully ask forgiveness for the disaster release 0.8.8d was...
Cacti 0.8.8e
Spine 0.8.8e

Important Security Fixes
Multiple XSS and SQL injection vulnerabilities
CVE-2015-4634 - SQL injection in graphs.php

Cacti 0.8.8e Change Log
bug: Fixed issue with graph zooming failing to work
bug: Fixed various SQL Injection vectors
bug#0002569: Impossible to have a URL pointing directly to a graph
bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items
bug#0002577: CVE-2015-4634 - SQL injection in graphs.php
bug#0002579: SQL Injection Vulnerabilities in data sources
bug#0002580: SQL Injection in cdef.php
bug#0002582: SQL Injection in data_templates.php
bug#0002583: SQL Injection in graph_templates.php
bug#0002584: SQL Injection in host_templates.php
bug#0002586: Cannot delete data sources from the GUI
bug#0002592: graph_view.php - viewing host in new tab - Undefined index: nodeid
bug#0002594: status_fail_date and status_rec_date are set incorrectly after host is marked down
bug#0002597: Incorrect value in Hosts column on Host Templates page
bug#0002598: Incorrect row number in Devices -> (Edit) page

http://forums.cacti.net/viewtopic.php?f=4&t=54851

Release of Cacti 0.8.8d

We the Cacti Group are proud to release the following:
Cacti 0.8.8d
Spine 0.8.8d

Important Security Fixes
Multiple XSS and SQL injection vulerabilities

Cacti 0.8.8d Change Log
bug: Fixed SQL injection VN: JVN#78187936 / TN:JPCERT#98968540
bug#0002261: PHP 5.4.0 added new error_reporting variable, causing cacti to show errors
bug#0002391: Odd Behaviour on ReIndex of Data Query Data
bug#0002393: Broken thumbnail images for graph templates
bug#0002402: Subtree must not have the same header as the parent header
bug#0002474: CLI add_device.php dows not set availability_method correctly
bug#0002449: The Save button does not work: Invalid html on page Console -> Cacti Settings: empty form tag
bug#0002428: Fail to delete all data input items when removing more than 1000 data sources
bug#0002439: Password with special character don't work with LDAP authentication
bug#0002461: invalid bn with ldap and anonymous bind
bug#0002465: Graph Export return empty CSV file
bug#0002484: Incorrect SQL request in cli script repair_database.php
bug#0002485: Broken pagenation on graph viewing
bug#0002489: SNMP - Get Mounted Partitions using Re-index method of Index Count Changed causes recache event every time
bug#0002490: Can not select page for multiple datasources per device
bug#0002494: CSV export always shows last day
bug#0002504: Data template search not functional
bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting Vulnerability Notification
bug#0002543: Unable to switch pages within graphs_new.php due to invalid URL generation
bug#0002544: Duplicate entry in $nav_url during list view
bug#0002571: SQL Injection and Location header injection from cdef id CVE-2015-4342
bug#0002572: SQL injection in graph templates

http://forums.cacti.net/viewtopic.php?f=21&t=54716

Linegod 2015/06/10 02:12

Official Cacti Documentation Site

Cacti Docs user ids are linked to your http://bugs.cacti.net account.

Cacti on Github

The Cacti repository has been moved to github:

https://github.com/Cacti

Linegod 2015/04/18 11:08

Release of Cacti 0.8.8c

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8c
  • Spine 0.8.8c

Important Security Fixes

  • CVE-2013-5588 - XSS issue via installer or device editing
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • CVE-2014-2326 - XSS issue via CDEF editing
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 - XSS issues in multiple files
  • CVE-2014-5025 - XSS issue via data source editing
  • CVE-2014-5026 - XSS issues in multiple files

Important Updates

  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

Cacti 0.8.8c Change Log

  • bug#0002228: GPL incompatible files included in Cacti project in include/treeview
  • bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
  • bug#0002385: Cannot export host templates while including dependencies
  • bug#0002386: cli/upgrade_database.php is missing the last two releases
  • bug#0002390: Poller/script issue with slash and backslash
  • bug#0002405: SQL injection in graph_xport.php
  • bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
  • bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
  • bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  • bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
  • bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
  • bug#0002446: Subtract plugin processing time from Poller sleep time
  • bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
  • bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
  • bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
  • bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
  • bug: Fix issues when SNMP data holds a ”=”; “explode” must be treated accordingly
  • bug: Fix filter highlighting on data sources for the data template field
  • bug: correct description of SNMP V3 parameters
  • feature: Added native jquery, jqueryui, and jstree
  • feature: Fixed issues with 'Clear' under preview not working
  • feature: Added new Tree navigation
  • feature: Added Columns and Thumbnails to Preview
  • feature: Added Columns to Tree (Preview only)
  • feature: Both Graphs and Columns default to 'Default'
  • feature: Resolved Left hand navigation taking entire page
  • feature: Added new graph zoom to tree view and preview offering a “quick” (default) and an “advanced” mode

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group

http://forums.cacti.net/viewtopic.php?f=4&t=53725

Linegod 2014/11/24 00:14

Release of Cacti 0.8.8b

Release of Cacti 0.8.8b

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8b
  • Spine 0.8.8b

Cacti 0.8.8b Change Log

  • bug: Fixed issue with custom data source information being lost when saved from edit
  • bug: Repopulate the poller cache on new installations
  • bug: Fix issue with poller not escaping the script query path correctly
  • bug: Allow snmpv3 priv proto none
  • bug: Fix issue where host activate may flush the entire poller item cache
  • security: SQL injection and shell escaping issues

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks! The Cacti Group

Linegod 2013/08/06 23:20

Predict Plugin

User Herve Donati has contributed the Predict plugin, which used the PREDICT RRDtool feature, allowing for future predictions.

Check it out.

Linegod 2012/11/07 01:08

Release of Cacti 0.8.8a

We the Cacti Group are proud to release the following:

   Cacti 0.8.8a
   Spine 0.8.8a

The Plugin Architecture is now part of the official Cacti release!

Read more at http://forums.cacti.net/viewtopic.php?f=4&t=47167

Release of Cacti 0.8.8

We the Cacti Group are proud to release the following:

  • Cacti 0.8.8
  • Spine 0.8.8

The Plugin Architecture is now part of the official Cacti release!

Read the full announcement: http://forums.cacti.net/viewtopic.php?f=4&t=46926

Cacti Forums compromised

On Friday December 16th 2011 we were informed by a very nice person that they where able to retrieve the users table for the Cacti forums.

Read more at this post: http://forums.cacti.net/viewtopic.php?f=21&t=45953

Linegod 2011/12/19 17:55

Release of Cacti 0.8.7i

We the Cacti Group are proud to release the following:

  • Cacti 0.8.7i
  • Spine 0.8.7i
  • Cacti 0.8.7i with Plugin Architecture version 3.1

Note with this release we are no longer making people patch Cacti to use the Plugin Architecture. We did the work for you and now provide a completely patched release of Cacti with Plugin Architecture version 3.1.

View the bug fixes and enhancements at this forum post

Release of Cacti 0.8.7h

We the Cacti Group are proud to release the following:

  • Cacti 0.8.7h
  • Spine 0.8.7h
  • Cacti Plugin Architecture 3.0 for Cacti 0.8.7h

View the bug fixes and enhancements at this forum post

Linegod 2011/09/26 01:04

Cacti 0.8.7h Beta Release

The Cacti Group is pleased to announce the beta release of:

  • Cacti 0.8.7h
  • Plugin Architecture 3.0 for Cacti 0.8.7h
  • Spine 0.8.7h

Please test the following in your TESTING environments. DO NOT INSTALL THIS IN YOUR PRODUCTION ENVIRONMENT.

Please report any bugs to http://www.cacti.net/bugs.php

For support issues, please post in the beta discussion thread.

Beta files can be downloaded from: http://www.cacti.net/downloads/beta/

Linegod 2011/03/13 10:52

Cacti Plugin Videos

TheWitness has created a couple of walk-through videos for pending 1.0 releases.

You can see them on the bottom of the aggregate and flowview pages

Linegod 2011/01/04 21:21

Wiki Upgrade

The wiki has been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=41266

Linegod 2011/01/02 14:22

Forum Upgrade

The Cacti Forums have been upgraded.

If you notice any issues, please post them in this thread: http://forums.cacti.net/viewtopic.php?f=4&t=40082

Linegod 2010/09/26 18:12

Spine 0.8.7g Patches

The following patch was released on 2010/08/31

Unified patch that fixes multiple issues and improves windows support. The fixes include the following bugs:

  • bug#0001669: Problems with getting data from script using SPINE on Windows Server 2003 x32
  • bug#0001829: Wrong string numerical value got from Spine SNMP poller
  • bug: Net-snmp API issues cause spine crashes with some SNMP agents
  • bug: Host list not properly initialized
  • bug: Mutex locking issues cause deadlocks in Windows
  • bug: Escape windows type back slashes in scripts

The patch can be downloaded at http://www.cacti.net/spine_download_patches.php

A Windows binary has also been uploaded.

The Windows binary can be downloaded at http://www.cacti.net/downloads/spine/packages/Windows/cacti-spine-0.8.7g.zip

Older -->