cacti 0.8.6j released 17/01/2007

Development Versions
Site Admin
文章: 23
註冊時間: 2015-02-25, 16:13

cacti 0.8.6j released 17/01/2007

文章 C.K. » 2015-02-25, 16:35

Release Notes - 0.8.6j

Important Security Fixes

Multiple security vulnerabilities have been discovered in Cacti's PHP-based poller. See below for additional information.

* CVE-2006-6799: Cacti Command Execution and SQL Injection Vulnerabilities

It is highly recommended that all users upgrade immediately. For users whom are unable to upgrade, two different patches have been provided.

* for users of 0.8.6i: Download the patch for the poller and the default scripts.
* for users of 0.8.6h: Download the patch for the poller and the default scripts.

Important Bug Fixes

A few minor bugs have been fixed in this release. See the changelog below for complete details.

Upgrade Notes

No SQL changes have been made in this release.

bug#0000842: SNMPv3 password field does not check if entered passwords match.
bug#0000848: Fix "PHP Script Server communications lost" error in the poller under high network load.
bug#0000859: User log "purge" now keeps the last successful login.
bug#0000861: Use downed host detection even when the SNMP community is blank.
bug#0000864: Apply natural sort to graph items in the tree.
bug#0000867: Apply various cleanups to poller.php and lib/poller.php.
bug#0000870: Add sorting to the graph templates list on the "Change Graph Template" page.
bug#0000877: Fix issue that caused PHP 5.2.0 to break the Windows cmd.php poller.
bug#0000882: Add "collapsible" branches to the graph tree editor.
bug#0000883: Fix exploit in cmd.php with register_argc_argv enabled in PHP.
bug#0000884: Add bottom navigation bar to graph viewing.
bug#0000885: Fix issue causing spaces to be removed when importing/exporting data input methods.
bug#0000886: Allow SNMP ping to utilize the snmpgetnext call instead of snmpget.
bug#0000890: Fix issue with dec-vulnerability-poller patch breaking graph_view.php.
bug#0000892: Fix hostname sorting on the devices page for IP addresses.
bug#0000894: poller.php does not give any output with MySQL disabled in CLI's php.ini.
bug: Template export produces invalid XML escaped character encoding.
bug: Data queries were not sorted properly during initial display.
bug: Apply various graph changes required for Boost plugin.
bug: If your system has no hosts or graphs, you would get a warning when creating new graphs.
bug: If using the CGI version of PHP, the script server risked not starting properly.