Menu
▾
▴
cacti-announce — Cacti updates will be posted to this mailing list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2004 |
Jan
|
Feb
(1) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
(1) |
| 2005 |
Jan
(2) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2006 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2007 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(4) |
Oct
(3) |
Nov
(2) |
Dec
|
| 2008 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(3) |
| 2009 |
Jan
|
Feb
(1) |
Mar
(2) |
Apr
|
May
(1) |
Jun
(1) |
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
(2) |
Jul
(2) |
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
(3) |
Oct
|
Nov
|
Dec
(1) |
| 2012 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2016 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2017 |
Jan
|
Feb
(3) |
Mar
(3) |
Apr
(4) |
May
(2) |
Jun
(2) |
Jul
(6) |
Aug
(4) |
Sep
(3) |
Oct
(2) |
Nov
(1) |
Dec
(1) |
| 2018 |
Jan
(4) |
Feb
(2) |
Mar
(1) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
(2) |
Dec
|
| 2019 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
(1) |
| 2020 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| S | M | T | W | T | F | S |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
1
|
|
2
|
3
|
4
|
5
|
6
|
7
|
8
|
|
9
|
10
|
11
|
12
|
13
|
14
|
15
|
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
|
23
(1) |
24
|
25
|
26
|
27
|
28
|
29
|
|
30
|
|
|
|
|
|
|
|
From: Tony R. <tr...@ca...> - 2014-11-23 23:54:07
|
Release of Cacti 0.8.8c
We the Cacti Group are proud to release the following:
Cacti 0.8.8c
Spine 0.8.8c
Important Security Fixes
* CVE-2013-5588 - XSS issue via installer or device editing
* CVE-2013-5589 - SQL injection vulnerability in device editing
* CVE-2014-2326 - XSS issue via CDEF editing
* CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
* CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
* CVE-2014-4002 - XSS issues in multiple files
* CVE-2014-5025 - XSS issue via data source editing
* CVE-2014-5026 - XSS issues in multiple files
Important Updates
* New graph tree view
* Updated graph list and graph preview
* Refactor graph tree view to remove GPL incompatible code
* Updated command line database upgrade utility
* Graph zooming now from everywhere
Change Log
bug#0002228: GPL incompatible files included in Cacti project in
include/treeview
bug#0002383: Sanitize the step and id variables CVE-2013-5588,
CVE-2013-5589
bug#0002385: Cannot export host templates while including dependencies
bug#0002386: cli/upgrade_database.php is missing the last two releases
bug#0002390: Poller/script issue with slash and backslash
bug#0002405: SQL injection in graph_xport.php
bug#0002431: CVE-2014-2326 Unspecified HTML Injection Vulnerability
bug#0002432: CVE-2014-2327 Cross Site Request Forgery Vulnerability -
Special Thanks to Deutsche Telekom CERT
bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution
Vulnerability
bug#0002434: Suppress SNMP UNITS Suffix from cacti_snmp_get() output
bug#0002438: Down Host Detection issue when using SNMP Desc or SNMP getNext
bug#0002446: Subtract plugin processing time from Poller sleep time
bug#0002453: CVE-2014-4002 Cross-Site Scripting Vulnerability - Special
Thanks to G. Geshev (munmap)
bug#0002455: Incomplete and incorrect input parsing leads to remote
code execution and SQL injection attack scenarios
bug#0002456: CVE-2014-5025 / CVE-2014-5026 - Cross-Site Scripting
Vulnerability - Special Thanks to Adan Alvarez and Paul Gevers
bug: Fix COMMENT handling, even in case COMMENT is empty, with or
without HR and with variable substitution
bug: Fix issues when SNMP data holds a "="; "explode" must be treated
accordingly
bug: Fix filter highlighting on data sources for the data template field
bug: correct description of SNMP V3 parameters
feature: Added native jquery, jqueryui, and jstree
feature: Fixed issues with 'Clear' under preview not working
feature: Added new Tree navigation
feature: Added Columns and Thumbnails to Preview
feature: Added Columns to Tree (Preview only)
feature: Both Graphs and Columns default to 'Default'
feature: Resolved Left hand navigation taking entire page
feature: Added new graph zoom to tree view and preview offering a
"quick" (default) and an "advanced" mode
Reporting Bugs
http://www.cacti.net/bugs.php
Download Cacti
http://www.cacti.net/download_cacti.php
Download Spine
http://www.cacti.net/spine_download.php
Thanks!
The Cacti Group
|