Cacti 1.2.8 released: changelog





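Security update #3025: CVE-2019-17357 When viewing graphs, some variable values are not validated, which leads to SQL injection in graphs.php. This vulnerability does not affect 0.8.x versions.
Security update #3026: CVE-2019-17358 This vulnerability affects versions before 1.2.7. An authenticated attacker can use it to influence object data values and control the actions Cacti takes, and it may also cause memory errors in the PHP module.
Security update #3066: Sensitive cookie without the "Secure" attribute in HTTPS sessions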
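Issue #1228: Any tree or branch with a long name pushes the main content off screen
Issue #2133: snmp_indexes are cut off
Issue #2888: When hostnames in the tree are very long, the template filter cannot be selected
Issue #2987: Changing the color template does not update the template in aggregate graphs
Issue #2989: Allow remote data collectors to maintain their own paths separately
Issue #2991: The Cacti Statistics device template may produce errors
Issue #2995: When editing a report, setting columns does not succeed
Issue #2996: When editing a user, saved sliders always show as enabled
Issue #2998: Database storage causes session performance problems
Issue #2999: Blank arguments lead to extra spaces in script arguments
Issue #3006: Boost generates undefined variable warnings during poller runs
Issue #3011: i18n logging does not check whether write permission exists
Issue #3012: When viewing realtime graphs, some input variables are not properly checked
Issue #3013: Allow legends of aggregate graphs to be modified
Issue #3017: When adding a network discovery, an automation network range fails if its start or end contains spaces
Issue #3019: If the user language differs from the browser locale, the user language does not take effect
Issue #3021: Tree view is cut off at the bottom of the page on the modern theme
Issue #3023: When clicking a highlighted tab, the side panel is not shown/hidden correctly
Issue #3027: Aggregate graph re-ordering does not take effect
Issue #3028: When zooming a graph, the edge of the graph cannot be reached
Issue #3030: The progress bar keeps running even after the page has finished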
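Issue #3032: Graphs may select MAX instead of AVERAGE even if there is no MAX item
Issue #3035: When editing a tree, entries cannot be removed due to a CSS bug
Issue #3037: When using poller output, debug functions are not included
Issue #3039: Allow the program to specify an alternate location for the csrf-secret.php file
Issue #3040: When running automation, discovery can keep running even after it has been cancelled
Issue #3041: When running automation, scans can run into problems
Issue #3042: When running automation, a scan may fail when a remote poller is selected
Issue #3045: When viewing aggregate graphs, an error due to an undefined referrer may occur
Issue #3047: When saving settings, changes are saved immediately to all remote pollers, causing a long delay before the operation completes
Issue #3050: When viewing graph trees, some input variables are not properly checked
Issue #3052: When editing CDEFs, database queries are slow
Issue #3053: When viewing graph thumbnails, some input variables are not properly checked
Issue #3055: During install/upgrade, database tests are not performed correctly
Issue #3059: When using nth_percentile, the correct value is not always returned if MAX consolidation is used
Issue #3060: When upgrading from older MySQL databases, the format is not changed from compact to dynamic
Issue #3061: When running automation, allow SNMP to be used as a ping method
Issue #3068: When administering users, some input variables are not properly checked
Issue #3070: Improve database logging when a crashed table is encountered
Issue #3073: Automation network range start and end values are not displayed correctly
Issue #3078: When viewing graph debug from a remote data collector, "File Not Found" warnings may appear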
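Issue #3079: Allow domain names to be stripped from a device's description
Issue #3080: Remote agent throws warnings that graph_nolegend has not been sanitized
Issue #3085: When editing a poller, ensure each listening address is unique
Issue #3081: External links do not show a glyph when they appear on the Console menu
Issue #3089: When viewing graphs in realtime, an undefined variable can be logged for 95th percentile graphs
Issue #3099: Graph template 'Linux - Memory Usage' has the wrong unit
Issue #3101: Polling times are inconsistent
Issue #3104: When viewing graphs, a byref error can be seen in the error log
Issue #3105: When viewing hosts, some input variables are not properly checked
Issue #3111: When adding devices via the command line, bad SNMP versions are not reported
Issue #3112: When zooming graphs, a large number of requests are generated, causing slowness
Issue #3114: Support USB devices that change name
Issue #3118: When converting tables, the dynamic row format should be used
Issue #3119: The main data collector should perform a full sync when installed/upgraded
Issue #3120: Fix incompatibilities with PHP 7.4
Issue #3121: During install/upgrade, an incorrect table format causes an error
Issue #3123: The colors table is not imported when upgrading from Cacti 0.8.x to Cacti 1.x
Issue #3124: When a second data collector is added, boost is not enabled automatically
Issue #3128: The i18n handler has a bug that causes a crash
Issue #3129: Logout occurs repeatedly even when already logged out
Issue #3132: During Cacti install/upgrade, the install/upgrade cannot proceed if the automation scan range is set to multiple networks
Feature #3077: Allow disabling the remote poller resource cache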



security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
security#3026: CVE-2019-17358 When deserializing data, ensure basic sanitization has been performed
security#3066: When using HTTPS, secure cookie to prevent potential weakness
issue#1228: Any tree or branch with a long name force main content off screen
issue#2133: Long snmp_indexes are being cut off
issue#2888: Long hostnames cause template filter to go off page
issue#2987: Changing Color Template does not update Aggregate
issue#2989: Allow Remote Data Collectors to maintain their own path variables
issue#2991: Cacti Statistics device template can generate unexpected errors
issue#2995: When editing a report, column setting may be ignored incorrectly
issue#2996: When editing a user, graph options do not properly reflect previously saved settings
issue#2998: Session performance issues due to excessive use for database storage
issue#2999: Blank arguments can lead to extra spaces in script arguments
issue#3006: Boost generates undefined variables warning during poller run
issue#3011: i18n logging does not check write permission exists
issue#3012: When viewing realtime graphs, some input variables are not properly checked
issue#3013: Allow legends to be modified for Aggregate Graphs
issue#3017: Automation network range with spaces fails validation
issue#3019: User selected language is not always adhered to
issue#3021: Tree view cuts off at the bottom of page on modern theme
issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
issue#3027: Aggregate Graph re-ordering does not work
issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
issue#3030: Pace continues to run even after a page is finished rendering
issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
issue#3035: When editing a tree, can not remove entries due to CSS bug
issue#3037: When emptying poller output using cli, debug functions are not properly included
issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
issue#3040: When running automation, discovery can still run even if cancelled
issue#3041: When running automation, scans do not always respond to being cancelled
issue#3042: When running automation, scan can fail when selecting remote pollers
issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
issue#3047: When saving settings, ignore remote pollers who have not checked in recently
issue#3050: When viewing graph trees, some input variables are not properly checked
issue#3052: When editing CDEF's, slow database performance can occur
issue#3053: When viewing graph thumbnails, some input variables are not properly checked
issue#3055: During install/upgrade, database tests are not performed correctly
issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
issue#3061: When running automation, allow SNMP to be used as a ping method
issue#3068: When administrating users, some input variables are not properly checked
issue#3070: Improve database logging when a crashed table is encountered
issue#3073: Automation network range does not always produce the correct start/end values
issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
issue#3079: Allow domain names to be stripped from a device's long description
issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
issue#3085: When editing a poller, ensure each listening IP is unique
issue#3081: External Links are not showing a glyph when they appear on the Console menu
issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label
issue#3101: Polling times can be slightly inconsistent due
issue#3104: When viewing graphs, a byref error can be seen in the error logs
issue#3105: When viewing hosts, some input variables are not properly checked
issue#3111: When adding devices via command line, bad SNMP versions are not reported
issue#3112: When zooming on Graphs, too many requests are being made causing slowness
issue#3114: Support for USB devices that change name due to their hosts restarting
issue#3118: When converting tables, the dynamic row format should be selected
issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
issue#3120: Correct issues causing incompatibility with PHP 7.4
issue#3121: When converting tables during install, show what will be changed
issue#3123: Named colors table is not properly imported/upgraded
issue#3124: When a second data collector is added, boost is not enabled automatically
issue#3128: i18n handler checks for existence of wrong mo file
issue#3129: Logout repeatedly occurs even when already logged out
issue#3132: Installer fails to continue if automation range is array of networks
feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing
