Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Fri Aug 18, 2017 11:23 am

All times are UTC - 5 hours

Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 
Author Message
 Post subject: Release of Cacti 0.8.8c
PostPosted: Sun Nov 23, 2014 6:23 pm 
Developer/Forum Admin
User avatar

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 6034
Location: Michigan, USA
Release of Cacti 0.8.8c

We the Cacti Group are proud to release the following:
  • Cacti 0.8.8c
  • Spine 0.8.8c

Important Security Fixes
  • CVE-2013-5588 - XSS issue via installer or device editing
  • CVE-2013-5589 - SQL injection vulnerability in device editing
  • CVE-2014-2326 - XSS issue via CDEF editing
  • CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
  • CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
  • CVE-2014-4002 - XSS issues in multiple files
  • CVE-2014-5025 - XSS issue via data source editing
  • CVE-2014-5026 - XSS issues in multiple files

Important Updates
  • New graph tree view
  • Updated graph list and graph preview
  • Refactor graph tree view to remove GPL incompatible code
  • Updated command line database upgrade utility
  • Graph zooming now from everywhere

Cacti 0.8.8c Change Log
  • bug#0002228: GPL incompatible files included in Cacti project in include/treeview
  • bug#0002383: Sanitize the step and id variables CVE-2013-5588, CVE-2013-5589
  • bug#0002385: Cannot export host templates while including dependencies
  • bug#0002386: cli/upgrade_database.php is missing the last two releases
  • bug#0002390: Poller/script issue with slash and backslash
  • bug#0002405: SQL injection in graph_xport.php
  • bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
  • bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability - Special Thanks to Deutsche Telekom CERT
  • bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
  • bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
  • bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
  • bug#0002446: Subtract plugin processing time from Poller sleep time
  • bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special Thanks to G. Geshev (munmap)
  • bug#0002455: Incomplete and incorrect input parsing leads to remote code execution and SQL injection attack scenarios
  • bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
  • bug: Fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
  • bug: Fix issues when SNMP data holds a "="; "explode" must be treated accordingly
  • bug: Fix filter highlighting on data sources for the data template field
  • bug: correct description of SNMP V3 parameters
  • feature: Added native jquery, jqueryui, and jstree
  • feature: Fixed issues with 'Clear' under preview not working
  • feature: Added new Tree navigation
  • feature: Added Columns and Thumbnails to Preview
  • feature: Added Columns to Tree (Preview only)
  • feature: Both Graphs and Columns default to 'Default'
  • feature: Resolved Left hand navigation taking entire page
  • feature: Added new graph zoom to tree view and preview offering a "quick" (default) and an "advanced" mode

Reporting Bugs

Download Cacti

Download Spine

The Cacti Group

Tony Roman
Experience is what causes a person to make new mistakes instead of old ones.
There are only 3 way to complete a project: Good, Fast or Cheap, pick two.
With age comes wisdom, what you choose to do with it determines whether or not you are wise.

Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 1 post ] 

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group