cacti 0.8.6j released 17/01/2007
發表於 : 2015-02-25, 16:35
Release Notes - 0.8.6j
Important Security Fixes
Multiple security vulnerabilities have been discovered in Cacti's PHP-based poller. See below for additional information.
* CVE-2006-6799: Cacti Command Execution and SQL Injection Vulnerabilities
It is highly recommended that all users upgrade immediately. For users whom are unable to upgrade, two different patches have been provided.
* for users of 0.8.6i: Download the patch for the poller and the default scripts.
* for users of 0.8.6h: Download the patch for the poller and the default scripts.
Important Bug Fixes
A few minor bugs have been fixed in this release. See the changelog below for complete details.
Upgrade Notes
No SQL changes have been made in this release.
Changelog
bug#0000842: SNMPv3 password field does not check if entered passwords match.
bug#0000848: Fix "PHP Script Server communications lost" error in the poller under high network load.
bug#0000859: User log "purge" now keeps the last successful login.
bug#0000861: Use downed host detection even when the SNMP community is blank.
bug#0000864: Apply natural sort to graph items in the tree.
bug#0000867: Apply various cleanups to poller.php and lib/poller.php.
bug#0000870: Add sorting to the graph templates list on the "Change Graph Template" page.
bug#0000877: Fix issue that caused PHP 5.2.0 to break the Windows cmd.php poller.
bug#0000882: Add "collapsible" branches to the graph tree editor.
bug#0000883: Fix exploit in cmd.php with register_argc_argv enabled in PHP.
bug#0000884: Add bottom navigation bar to graph viewing.
bug#0000885: Fix issue causing spaces to be removed when importing/exporting data input methods.
bug#0000886: Allow SNMP ping to utilize the snmpgetnext call instead of snmpget.
bug#0000890: Fix issue with dec-vulnerability-poller patch breaking graph_view.php.
bug#0000892: Fix hostname sorting on the devices page for IP addresses.
bug#0000894: poller.php does not give any output with MySQL disabled in CLI's php.ini.
bug: Template export produces invalid XML escaped character encoding.
bug: Data queries were not sorted properly during initial display.
bug: Apply various graph changes required for Boost plugin.
bug: If your system has no hosts or graphs, you would get a warning when creating new graphs.
bug: If using the CGI version of PHP, the script server risked not starting properly.
Important Security Fixes
Multiple security vulnerabilities have been discovered in Cacti's PHP-based poller. See below for additional information.
* CVE-2006-6799: Cacti Command Execution and SQL Injection Vulnerabilities
It is highly recommended that all users upgrade immediately. For users whom are unable to upgrade, two different patches have been provided.
* for users of 0.8.6i: Download the patch for the poller and the default scripts.
* for users of 0.8.6h: Download the patch for the poller and the default scripts.
Important Bug Fixes
A few minor bugs have been fixed in this release. See the changelog below for complete details.
Upgrade Notes
No SQL changes have been made in this release.
Changelog
bug#0000842: SNMPv3 password field does not check if entered passwords match.
bug#0000848: Fix "PHP Script Server communications lost" error in the poller under high network load.
bug#0000859: User log "purge" now keeps the last successful login.
bug#0000861: Use downed host detection even when the SNMP community is blank.
bug#0000864: Apply natural sort to graph items in the tree.
bug#0000867: Apply various cleanups to poller.php and lib/poller.php.
bug#0000870: Add sorting to the graph templates list on the "Change Graph Template" page.
bug#0000877: Fix issue that caused PHP 5.2.0 to break the Windows cmd.php poller.
bug#0000882: Add "collapsible" branches to the graph tree editor.
bug#0000883: Fix exploit in cmd.php with register_argc_argv enabled in PHP.
bug#0000884: Add bottom navigation bar to graph viewing.
bug#0000885: Fix issue causing spaces to be removed when importing/exporting data input methods.
bug#0000886: Allow SNMP ping to utilize the snmpgetnext call instead of snmpget.
bug#0000890: Fix issue with dec-vulnerability-poller patch breaking graph_view.php.
bug#0000892: Fix hostname sorting on the devices page for IP addresses.
bug#0000894: poller.php does not give any output with MySQL disabled in CLI's php.ini.
bug: Template export produces invalid XML escaped character encoding.
bug: Data queries were not sorted properly during initial display.
bug: Apply various graph changes required for Boost plugin.
bug: If your system has no hosts or graphs, you would get a warning when creating new graphs.
bug: If using the CGI version of PHP, the script server risked not starting properly.