首页 » 软件更新 » Cacti1.2.9新版发布,更新日志

Cacti1.2.9新版发布,更新日志

 

吴昊博客原创Cacti新版系列教程:https://blog.whsir.com/post-4617.html

Cacti1.2.9更新日志:

安全性更新#3191: CVE-2020-7106在某些页面缺少转义符,会导致XSS漏洞
安全性更新#3201: CVE-2020-7237远程执行代码漏洞,攻击者必须经过身份验证,必须有权限修改性能设置
问题#2937: 被删除的设备仍然会出现在列表中
问题#3038: 在小屏幕上编辑聚合时,布局可能会不正确
问题#3136: 如果使用不兼容的数据库格式,升级可能会在1.2.7和1.2.8之间失败
问题#3142: Chrome将图树导航视图的宽度设置为0px
问题#3146: 创建聚合图失败
问题#3149: 页面刷新后,工具提示会停止工作
问题#3150: 使用时间视图时,缩放可能会导致错误
问题#3151: php7.4报错
问题#3155: 重新排序时,聚合不能正确地遵循颜色模板
问题#3156: 在新安装时,aggregate_graphs表中缺少gprint_format
问题#3157: 在经典的主题中,后退按钮不能正常工作
问题#3158: 经典主题在移动设备上只有3个标签。不显示控制台菜单
问题#3159: 当值不是以兆字节为单位时,无法正确识别PHP内存
问题#3161: 当poller_output_boost表丢失时,在轮询器运行之前重新创建它
问题#3163: 当使用RPMlint时,自由软件基金会地址显示不正确
问题#3165: 缩放在页面上的所有图形呈现后失去焦点
问题#3166: 当改变缩放级别时,图形的大小在最后会被不适当地调整
问题#3167: 安装程序应该自动初始化csrf-secret.php文件
问题#3168: sqltable_to_php.php脚本没有选择row_format
问题#3177: 删除旧版存在安全问题的第三方插件
问题#3178: 更改密码页面未显示规则
问题#3180: 在处理一些数据查询时接收未定义的索引错误
问题#3181: 当配置文件不可读时,如果需要非缺省值,Cacti将显示数据库连接错误
问题#3182: 当出现数据库连接错误时,无法报告实际的错误
问题#3184: 使用系统路径和PHP_BINDIR改进程序路径检测
问题#3193: 从MySQL 5.7开始,一些插件需要一些sql_mode变量
问题#3196: 尽量减少在JavaScript中使用eval(),因为出现了内容-安全-上下文准则
问题#3200: 无法改变图形模板图像的格式
问题#3206: 转换后的聚合图无法通过控制台编辑
问题#3209: 使用同步设备模板通过自动添加的设备创建新图形时发生错误
问题#3216: 当编辑一个数据源概要文件时,大小显示为'N/ a '
问题#3224: 当通过命令行删除图形时,正则表达式在为空时不能正确验证
问题#3225: 由于依赖项无效,无法导入模板
问题#3226: 在处理secpass登录时,不会记录失败的登录
问题#3228: 使用LDAP登录时,Cacti不会记住上次登录的域
问题#3232: 编辑HRULE或VRULE图形项目时,颜色选择器消失
问题#3233: 编辑图形时,数据源名称信息较少不方便验证
问题#3235: 表poller_output_boost_arch可能会出现错误

原文如下:

原文地址:https://www.cacti.net/changelog.php

security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
issue#2937: Devices still show in lists despite being deleted
issue#3038: When editing an aggregate on smaller screens, layout may not be correct
issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
issue#3142: Chrome sets graphs tree navigation view to width 0px
issue#3146: Unable to create aggregate graphs on new installations
issue#3149: After refresh of page, tooltips stop working
issue#3150: When using Time Graph View, Zooming can cause errors
issue#3151: Passing glue string after array is deprecated in PHP 7.4
issue#3155: Aggregate does not correctly follow color template when reordered
issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
issue#3157: Back button not working properly with Classic theme
issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
issue#3159: PHP Memory is not correctly identified when value is not in megabytes
issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
issue#3165: Zoom looses its focus after all graphs on page rendered
issue#3166: When changing zoom level, graphs are resized inappropriately at the end
issue#3167: Installer should initialize the csrf-secret.php file automatically
issue#3168: sqltable_to_php.php script does not pick up row_format
issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
issue#3178: The change password page is not displaying the rules
issue#3180: Receiving undefined index errors when working with some Data Queries
issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
issue#3182: When a database connection error occurs, there is no way to report actual error
issue#3184: Improve program path detection by using system path and PHP_BINDIR
issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
issue#3200: Unable to mass change Graph Template image format in mass
issue#3206: Converted aggregate graph cannot be edited
issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
issue#3216: When editing a Data Source Profile size is shown as 'N/A'
issue#3224: When removing graphs by command line, regex is not properly validated when empty
issue#3225: Unable to Import Templates due to invalid dependency hash
issue#3226: When processing secpass login, failed logins are not recorded
issue#3228: Login page does not remember the last realm used by user
issue#3232: When editing HRULE and VRULE items, color selector was not presented
issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
issue#3235: Transient errors may occur with table poller_output_boost_arch

原文链接:Cacti1.2.9新版发布,更新日志,转载请注明来源!

0