吴昊博客原创Cacti新版系列教程:https://blog.whsir.com/post-4617.html
Cacti1.2.13更新日志:
安全性更新#3544: CVE-2020-11022 / CVE-2020-11023 jQuery XSS漏洞
安全性更新#3549: 转义导致XSS漏洞
安全性更新#3582: CVE-2020-13625 将PHPMailer更新为6.1.6
安全性更新#3622: CVE-2020-14295 管理员通过filter参数注入SQL
安全性更新#3628: 模板导入缺少转义,导致XSS漏洞
问题#3517: 在生成报告时,可能会出现函数循环,导致cpu使用率达到100%
问题#3525: 在查看图形时,缩放功能防止拖放图像
问题#3527: 当使用95图形时,会产生未定义的索引错误
问题#3532: 使用Realtime时,如果不存在任何图形内容,则会生成错误
问题#3533: 导出数据时,RRDfile的开始日期与第一行数据的开始日期不匹配
问题#3536: 使用导航菜单时,在“响应”模式下显示/隐藏并非始终有效
问题#3538: 在使用Realtime时,可能会出现浏览器和函数加载之间的冲突
问题#3543: 导出CSV数据时,未正确设置Unicode前缀
问题#3551: 使用Web基本身份验证和模板用户时,身份验证可能会失败
问题#3553: 当试图查看不存在的聚合图时,会生成许多错误
问题#3563: 当前的独立处理会中断绘制临时索引
问题#3566: 自动化错误地尝试使用MacTrack复制选项
问题#3567: Boost运行时,锁并不总是正确释放,并且检测到崩溃
问题#3569: 无效的字体会导致大量日志条目
问题#3571: 由于不正确的消息变量而导致的各种运行时错误
问题#3574: 在大型系统上保存图形模板项会花费很长时间
问题#3577: 主机过滤器不正确
问题#3579: 图形可能会错误地显示为“空图”
问题#3581: 实时图形窗口大小未正确调整
问题#3588: 在查看/编辑设备时生成验证警告
问题#3594: 自动化挂起某些计划类型
问题#3595: 模板到设备同步文本不一致
问题#3596: 导入模板时,没有正确检查资源
问题#3597: 将模板同步回设备时,按继续按钮没有反馈
问题#3598: 当编辑图形和图形模板时,返回按钮会导致损坏页面
问题#3599: 降级时,将完全选择要安装的模板
问题#3601: 设备关闭时,状态可能显示错误的时间
问题#3607: 当会话超时发生时,随后对区域的授权访问可能会被阻止
问题#3611: 允许从控制台中查看更改日志
问题#3613: 当修改树时,设备和图形列表忽略自动完成行设置
问题#3614: 当部分标签环绕时,第一部分的标题可能会变得模糊
问题#3624: 预览图形时,有时图像无法显示
问题#3629: 没有在远程轮询器上正确地轮换日志文件
问题#3631: 命令行脚本不允许无限的运行时超时
问题#3632: 当mysql连接失败时,会记录各种意外错误
问题#3635: 自动化在与远程轮询器通信时生成未定义的索引错误
问题#3639: 当更新设备时,插入到数据库时会出现重复的条目错误
问题#3646: 由于缺少函数,从CLI中添加数据源失败
问题#3651: 编辑已转换为普通图的聚合图上的任何项将破坏整个图
问题#3655: Boost和Poller之间冲突可能导致意外的丢失表错误
问题#3659: 在查看日志时,很少会看到意外的“指针”错误
问题#3663: 禁用数据收集器可能会导致意外错误
问题#3668: 输入字段错误时,消息报告字段将突出显示,这是不正确的
问题#3669: 添加输入字段时,输入法可能会意外重命名
问题#3673: Spikekill没有收到正确的“ avgnan”值
问题#3676: 设备不在设备页面中显示,而在监视器选项卡中显示
问题#3681: 项目移动箭头不能正确地在所有主题上对齐
问题#3682: 在“时间图形视图”模式下,缩放功能不能正常工作
特性#3611: 允许从控制台查看更改日志
特性#3647: 从CLI添加数据源失败时,应打印创建的数据源ID
特性#3666: 将jstree.js更新为3.3.10
特性#3688: 将phpseclib更新到2.0.28
原文如下:
原文地址:https://www.cacti.net/changelog.php
security#3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
security#3549: Lack of escaping on some pages can lead to XSS exposure
security#3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
security#3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
security#3628: Lack of escaping on template import can lead to XSS exposure
issue#3517: When generating reports, function looping can occur resulting in 100% cpu usage
issue#3525: When viewing Graphs, zoom functionality prevents drag and drop of image
issue#3527: When using 95th Percentiles, undefined index errors can be generated
issue#3532: When using Realtime, if no graph contents are present an error is generated
issue#3533: When exporting data, Start date for RRDfile does not match start date of first data row
issue#3536: When using Navigation Menu, Show/Hide in Response mode does not always work
issue#3538: When using Realtime, race conditions between browser and function loading can occur
issue#3543: When exporting CSV data, Unicode prefix is not properly set
issue#3551: Authentication can fail when using Web Basic Authentication and Template User
issue#3553: When attempting to view an aggregate graph that does not exist, many errors are generated
issue#3563: Current orphan handling disrupts graphing transient indexes
issue#3566: Automation incorrectly attempts to use MacTrack to duplicate options
issue#3567: When Boost runs, locks are not always released properly and crash is detected
issue#3569: Invalid font results in large number of log entries
issue#3571: Correct various runtime errors due to incorrect message variables
issue#3574: Saving Graph Template Items take a long time on large systems
issue#3577: Hosts are being incorrectly filtered when first displaying with filter set to all
issue#3579: Graphs can incorrectly show as 'Empty Graph'
issue#3581: Realtime graph window is not resizing properly
issue#3588: Validation warnings are generated when viewing/editing devices
issue#3594: Automation hangs for certain schedule types
issue#3595: Template to Device sync text is not consistent
issue#3596: When importing template, resources aren't checked properly
issue#3597: Template to Device sync provides no feedback
issue#3598: When editing graphs and graph templates, back button results in broken page
issue#3599: When downgrading, templates are fully selected for install
issue#3601: When a device is down, instate can show wrong time
issue#3607: When session timeout occurs, subsequent authorized access to areas can become blocked
issue#3611: Allow CHANGELOG to be viewable from the GUI
issue#3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
issue#3614: When section tabs wrap, the title of the first section can become obscured
issue#3624: When previewing graphs, sometimes the images fail to appear
issue#3629: Log files are not rotated properly on remote pollers
issue#3631: Command line scripts do not allow an unlimited runtime causing timeouts
issue#3632: When mysql connection fails, various unexpected errors are recorded
issue#3635: Automate generates undefined index errors when communicating with remote pollers
issue#3639: When updating a device, duplicate entry errors occur when inserting to the database
issue#3646: Adding datasource fails from CLI due to missing function
issue#3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
issue#3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
issue#3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
issue#3663: Disabling a Data Collector can cause unexpected errors
issue#3668: When Input Field is in error, message reports field will be highlighted which is incorrect
issue#3669: When adding an Input Field, the Input Method can be renamed unexpected
issue#3673: Spikekill does not receive correct avgnan value when launching from GUI
issue#3676: Device not showing up in device page but showing up in Monitor tab
issue#3681: Item movement arrows do not properly align on all themes
issue#3682: When in 'Time Graph View' mode, Zoom features do not work correctly
feature#3611: Allow CHANGELOG to be viewable from the GUI
feature#3647: When adding datasource fails from CLI, created Datasource ID should be printed
feature#3666: Update jstree.js to 3.3.10
feature#3688: Update phpseclib to 2.0.28
原文链接:Cacti1.2.13新版发布,更新日志,转载请注明来源!
