Release of Cacti 0.8.8c

#1 Post by rony » Sun Nov 23, 2014 6:23 pm

Release of Cacti 0.8.8c

We the Cacti Group are proud to release the following:
  • Cacti 0.8.8c
  • Spine 0.8.8c

Important Security Fixes

  • CVE-2013-5588 - XSS issue via installer or device editing
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • CVE-2014-2326 - XSS issue via CDEF editing
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 - XSS issues in multiple files
  • CVE-2014-5025 - XSS issue via data source editing
  • CVE-2014-5026 - XSS issues in multiple files

Important Updates

  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

Cacti 0.8.8c Change Log

  • bug#0002228: GPL incompatible files included in Cacti project in include/treeview
  • bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
  • bug#0002385: Cannot export host templates while including dependencies
  • bug#0002386: cli/upgrade_database.php is missing the last two releases
  • bug#0002390: Poller/script issue with slash and backslash
  • bug#0002405: SQL injection in graph_xport.php
  • bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
  • bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
  • bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  • bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
  • bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
  • bug#0002446: Subtract plugin processing time from Poller sleep time
  • bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
  • bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
  • bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
  • bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
  • bug: Fix issues when SNMP data holds a "="; "explode" must be treated accordingly
  • bug: Fix filter highlighting on data sources for the data template field
  • bug: correct description of SNMP V3 parameters
  • feature: Added native jquery, jqueryui, and jstree
  • feature: Fixed issues with 'Clear' under preview not working
  • feature: Added new Tree navigation
  • feature: Added Columns and Thumbnails to Preview
  • feature: Added Columns to Tree (Preview only)
  • feature: Both Graphs and Columns default to 'Default'
  • feature: Resolved Left hand navigation taking entire page
  • feature: Added new graph zoom to tree view and preview offering a "quick" (default) and an "advanced" mode

Reporting Bugs

http://www.cacti.net/bugs.php

Download Cacti

http://www.cacti.net/download_cacti.php

Download Spine

http://www.cacti.net/spine_download.php

Thanks!
The Cacti Group
Tony Roman