Shane Goulden
2010-05-25 01:30:32 UTC
cacti 0.8.7f has been released. Quite a number of bug fixes including a
new security fix which has yet to be patched in the current
cacti-0.8.7e-3 package.
security: SQL injection and shell escaping issues reported by Bonsai
Information Security (http://www.bonsai-sec.com)
security: Cross-site scripting issues reported by VUPEN Security
(http://www.vupen.com)
security: MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
(http://php-security.org)
bug#0001125: XML parse error on template import with degree symbol
bug#0001311: Access denied for graph-only users when accessing index.php
directly
bug#0001366: Exported data templates do not import special characters
properly
bug#0001416: Graph Export fails with EXPORT FATAL ERROR: Export path
/some/path/root/export is within a system path /root. Can not continue.
bug#0001452: Missing "<" and ">" in "Collection Methods=>Data Input
Methods=>"Input String" after importing template
bug#0001461: Data query export/import fails
bug#0001492: RRDTool 1.3 series fonts (fontconfig) support
bug#0001506: Reindexing fails due to global include issue in lib/snmp.php
bug#0001522: Special characters break parsing of template data
bug#0001524: Export graphs and Classical Presentation does not honor per
graph export rules
bug#0001528: ICMP Ping availabilty broken in UI for Windows Servers
using IIS
bug#0001535: No display of parent ID in tree nodes for CLI tree add script
bug#0001543: All graphs are exported dispite graph export rules
bug#0001549: Function array_to_sql_or creates poor sql where clauses
bug#0001557: Quotes in Text Format graph template field break graph
rendering
bug#0001587: 64bit HEX Strings don't convert to Decimal on 32bit Systems
bug#0001604: HEX Counter values enclosed in quotes not recognized as HEX
bug#0001609: Script server timeout too aggressive with 10 second poller
interval
bug#0001628: Inconsistent message for Change SNMP Options related to
available buttons
bug#0001695: Suppress deprecated warnings in Cacti code
bug#0001725: PHP Fatal Error while trying to add a tree node via cli
bug: When creating new graphs without a data source, print error to user
instead of throwing php error
bug: Browser query string does not contain arguments
bug: Function inject_form_variables does not operate if more than 1
variable needs replacing
bug: Script imposed memory limits cause issues with some scripts
bug: Turn off process leveling if there are not enough poller items to
substantiate it
bug: Add device should allow no-snmp type devices
bug: Firefox Autocomplete causes issues with password validation
bug: Access Denied messages don't allow re-direction to login page
bug: When clearing filter on new-graphs don't clear host or template
bug: When clearing filter, reset page to 1 for all queries
bug: Graph List selectors do not persist between pages
bug: allow empty [upper|lower]_limit even without autoscaling
bug: Availability method Ping or SNMP generates meaningless warnings
feature: Add logging to SQL Save error handling
feature: Add utility to convert database to InnoDB
feature: Return nav as the title for the page
feature: Detect and correct for RRDtool segfaults
feature: Add rra_id for hosts and graphs to be used during tree export
feature: Make the Graphs pages render like the rest of Cacti
feature: Convert base Cacti UI to use buttons and not images
feature: Make poller sane so that it can be used by other cacti processes
feature: Add snmp timeout warnings for lib/snmp.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100525/912162dd/attachment.html
new security fix which has yet to be patched in the current
cacti-0.8.7e-3 package.
security: SQL injection and shell escaping issues reported by Bonsai
Information Security (http://www.bonsai-sec.com)
security: Cross-site scripting issues reported by VUPEN Security
(http://www.vupen.com)
security: MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
(http://php-security.org)
bug#0001125: XML parse error on template import with degree symbol
bug#0001311: Access denied for graph-only users when accessing index.php
directly
bug#0001366: Exported data templates do not import special characters
properly
bug#0001416: Graph Export fails with EXPORT FATAL ERROR: Export path
/some/path/root/export is within a system path /root. Can not continue.
bug#0001452: Missing "<" and ">" in "Collection Methods=>Data Input
Methods=>"Input String" after importing template
bug#0001461: Data query export/import fails
bug#0001492: RRDTool 1.3 series fonts (fontconfig) support
bug#0001506: Reindexing fails due to global include issue in lib/snmp.php
bug#0001522: Special characters break parsing of template data
bug#0001524: Export graphs and Classical Presentation does not honor per
graph export rules
bug#0001528: ICMP Ping availabilty broken in UI for Windows Servers
using IIS
bug#0001535: No display of parent ID in tree nodes for CLI tree add script
bug#0001543: All graphs are exported dispite graph export rules
bug#0001549: Function array_to_sql_or creates poor sql where clauses
bug#0001557: Quotes in Text Format graph template field break graph
rendering
bug#0001587: 64bit HEX Strings don't convert to Decimal on 32bit Systems
bug#0001604: HEX Counter values enclosed in quotes not recognized as HEX
bug#0001609: Script server timeout too aggressive with 10 second poller
interval
bug#0001628: Inconsistent message for Change SNMP Options related to
available buttons
bug#0001695: Suppress deprecated warnings in Cacti code
bug#0001725: PHP Fatal Error while trying to add a tree node via cli
bug: When creating new graphs without a data source, print error to user
instead of throwing php error
bug: Browser query string does not contain arguments
bug: Function inject_form_variables does not operate if more than 1
variable needs replacing
bug: Script imposed memory limits cause issues with some scripts
bug: Turn off process leveling if there are not enough poller items to
substantiate it
bug: Add device should allow no-snmp type devices
bug: Firefox Autocomplete causes issues with password validation
bug: Access Denied messages don't allow re-direction to login page
bug: When clearing filter on new-graphs don't clear host or template
bug: When clearing filter, reset page to 1 for all queries
bug: Graph List selectors do not persist between pages
bug: allow empty [upper|lower]_limit even without autoscaling
bug: Availability method Ping or SNMP generates meaningless warnings
feature: Add logging to SQL Save error handling
feature: Add utility to convert database to InnoDB
feature: Return nav as the title for the page
feature: Detect and correct for RRDtool segfaults
feature: Add rra_id for hosts and graphs to be used during tree export
feature: Make the Graphs pages render like the rest of Cacti
feature: Convert base Cacti UI to use buttons and not images
feature: Make poller sane so that it can be used by other cacti processes
feature: Add snmp timeout warnings for lib/snmp.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100525/912162dd/attachment.html