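Wu Hao's blog, original Cacti new-version tutorial series: https://blog.whsir.com/post-4617.html
Cacti 1.2.7 has been released. In this update the project fixed a security issue, CVE-2019-16723, which allowed unrestricted access to graphs through https://cacti/graphs_json.php. Although this page does check that the requester is logged in as a valid user, it did not enforce graph permissions: any user could access any graph, regardless of how permissions were defined.
Cacti 1.2.7 changelog: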
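Security update #2964: CVE-2019-16723 security issue allows viewing all graphs
Issue #1181: When opening the Scheduler near the bottom of a window, it may appear off screen
Issue #2894: When using remote data collectors, database information and recommendations may show incorrect values
Issue #2895: When using data sources from different RRDs, percentile calculation may be incorrect
Issue #2899: When displaying a form, variable substitution may not be performed correctly
Issue #2922: When running a data query, an undefined result may be returned
Issue #2925: When using consolidation functions, retrieving the first step may cause errors
Issue #2926: When editing a graph, variable validation errors may prevent changes from being saved
Issue #2929: Boost performance may degrade even in single-server mode
Issue #2930: RRDtool may write errors to standard output, corrupting images
Issue #2932: When RRDtool generates an error while creating an image, it is not always reported correctly
Issue #2936: When the number of tables exceeds PHP's max_input_vars limit, the installer loops
Issue #2938: Under CentOS packages, the upgrade_database.php script uses the wrong location for the DB upgrade scripts
Issue #2940: Images are not always correctly sized until the page size changes
Issue #2949: Order icons may not be aligned correctly
Issue #2951: Allow legends to be modified for aggregate graphs
Issue #2958: Drop-down autocomplete lists occasionally fail to open
Issue #2961: When syncing device templates, an undefined function error may be raised
Issue #2963: When running the ss_cpoller script, avgTime incorrectly returns maxTime
Issue #2966: Realtime popup windows do not always honor settings
Issue #2967: When using Spikekill, gap and range fill do not operate as expected
Issue #2970: When a user edits their profile, buttons may appear unusable while still being enabled
Issue #2973: The user menu does not always display correctly on mobile devices
Issue #2974: Script Server raises unexpected warnings when 'arg_num_indexes' is set but not found in the data source
Issue #2975: In certain circumstances, Data Source Debug does not correctly handle European numbers
Issue #2976: Boost messages should be stored in their own log file
Issue #2977: Data updates with past timestamps may cause Boost errors
Issue #2978: Moving hosts between data collectors is slow
Issue #2979: Multiple output fields are not parsed correctly
Issue #2984: When checking SQL fields, the value was not always primed
Issue #2986: Selecting the 'Devices' menu pick closes the 'Management' menu
Feature #2943: Allow all data queries of a device to be re-indexed at once
Feature #2952: Highlight a device in tree view if it is down or has breached a threshold
Feature #2985: Update phpseclib to 2.0.23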
The original text follows:
Original source: https://www.cacti.net/changelog.php
security#2964: CVE-2019-16723 Security issue allows to view all graphs
issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
issue#2894: When using Remote Data Collectors, database information and recommendations may show Incorrect values
issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
issue#2899: When displaying a form, variable substitution may not always work as expected
issue#2922: When running a data query, the result may come back as undefined
issue#2925: When using consolidation functions, retrieving the first step can cause errors
issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
issue#2929: Boost performance may become poor even in single server mode
issue#2930: RRDtool can generate errors to standard output which can corrupt images
issue#2932: When RRDTool generates an error creating an image, it is not always reportedly properly
issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
issue#2940: Images are not always properly sized until the page size changes
issue#2949: Order icons may not be properly aligned
issue#2951: Allow legends to be modified for Aggregate Graphs
issue#2958: Drop down autocomplete lists do not always open as expected
issue#2961: When syncing device templates, undefined function may be raised
issue#2963: When running ss_cpoller script, avgTime incorrect returns maxTime
issue#2966: Realtime popup windows do not always honor settings
issue#2967: When using Spikekill, gap and range fill are not operating as expected
issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
issue#2973: User menu does not always display properly on mobile devices
issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
issue#2976: Boost messages should be stored in their own log file
issue#2977: Data updates with past timestamps can cause boost errors
issue#2978: Moving hosts between data collectors is slow
issue#2979: Multi Output Fields are not parsed correctly
issue#2984: When checking SQL fields, value was not always primed
issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
feature#2943: Allow all Data Queries of a device to be re-indexed at once
feature#2952: If device is down or threshold breached, highlight in tree view
feature#2985: Update phpseclib to 2.0.23