forked from Cacti/cacti
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
3818 lines (3695 loc) · 263 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Cacti CHANGELOG
1.3.0-dev
-issue#2205: Allow admins to disable RRDtool watermark
-issue#3066: Enable the secure flag on cookies when HTTPS is enabled.
-issue#3074: ss_net_snmp_disk_bytes.php and ss_net_snmp_disk_io.php do now report mmcblk data.
-issue#3141: Fix FreeBSD IPv6 ping
-issue#3547: Database Audit utility does not check database permissions
-issue#3559: When a developer uses backtracing, HTML output can be seen from command line
-issue#3560: When using `input_validate_xxx`, calls to `die_html_input_error()` do not pass variable name
-issue#5019: Install SQL Statements with Database name should be quoted
-feature#1214: Move Tree Create/Remove/Modify Functions to lib/api_tree.php
-feature#1442: Add validation to GUI inputs
-feature#1523: Value above RRD maximum value
-feature#2166: LDAP configuration should only use 'user_domains_ldap'
-feature#2437: Create system-wide Proxy settings for plugins
-feature#2439: Allow CDEF to be used as a filter for Graph/Graph Templates
-feature#2474: Enable better version reporting for GitHub/Source/Package editions
-feature#2550: Enable use of authenticator codes for Two-Factor Authentication
-feature#2607: Allow adding sites from command line
-feature#2767: Plugins should be temporarily disabled if a required plugin is also disabled
-feature#3139: Added option in CLI tool remove_graphs for deletion of single graph
-feature#3187: Feature: rra path should be configurable
-feature#3260: When a device is added, populate the created date/time
-feature#3513: Add hooks for plugins to show customize graph source and customize template url
-feature#3558: Allow copy_user cli script to set various additional fields
-feature#3584: Verify passwords against Pwned databases using API
-feature#3585: CLI script to show database permissions that Cacti has
-feature#3568; Allow exclusion of snmp fields / value(s) when adding graphs via CLI
-feature#3677: Relocate the delete button for collectors to the edit page
-feature#3679: Allow searching logs by name, not just id
-feature#3724: Create Spikekill method to kill values over an absolute maximum
-feature#3725: Create the ability for Spikekill to modify only certain DSes within an RRD
-feature#3738: Ability to see MySQL permissions associated with current database user
-feature#3740: Ability to disable a site
-feature#3417: Add worst poller hosts to support page, log and email warning when poller time reached defined threshold
-feature#3845: Allow non-standard Remote Agent port to be used
-feature#3943: Add hooks for plugins to show customize graph source and customize template url (List View)
-feature#4157: Allow admin emails to utilise CLOG-style ID to name/link replacements
-feature#4202: Editing State=Down device - mark online when editing device when responding by all required probes
-feature#4296: Add hyperlink from graph edit page to graph-view
-feature#4300: Allow GPrint/CDef/VDef to be visibile in graph template item lists
-feature#4339: Change CLI progress output for rebuilding poller cache
-feature#5020: Introduce script timeout for cmd.php
-feature#5021: Allow form input validation to be reported to GUI
-feature#5025: Add Least Squares Special Data Types to Cacti
-feature#5027: Add Service Check Filter and Column and Device Thread Column
-feature#5039: Add host_poller_id replacement variable
-feature#5083: Make user log ask for confirmation on purge
-feature#5120: Define cacti system paths as constants for better code checking
-feature#5148: Allow theme-based include paths with master location
-feature#5149: Allow CSS files to be loaded async #5149
-feature#5163: DSSTATS - Add Additional Data Source Statics to Cacti
-feature#5165: DSSTATS - Change data_source_stats_hourly_cache from Memory to INNODB
-feature#5178: DSSTATS - Allow Retention of Daily, Weekly, Monthly and Yearly data for varying periods
-feature: Allow messages to be popup notifications
1.2.24
-issue#5127: Importing Local_Linux_Machine.xml.gz template raises PHP error
-issue#5134: Display of "Memory Limit" on Boost Status page shows -1 and not "Unlimited"
-issue#5135: Error in using RRDcleaner an RRDcheck causing SQL errors
-issue#5136: Function number_format_i18n should return a valid number '0' for NULL input
-issue#5137: When attempting to update structured paths, SQL errors occur
-issue#5140: Cacti PHP 8.2 SNMP Errors with php-snmp Installed
-issue#5142: Correct issues with permission model including display of authorization UI elements and warnings
-issue#5143: When a Device has zero Graphs or Data Sources, it does not display the correct value
-issue#5147: Error 500 on apache when changing languages
-issue#5150: The Import Package cli script displays the wrong 'info' parameter
-issue#5151: Templates appear to lose their suggested name values
-issue#5155: Local Linux Machine Device Package Damaged
-issue#5159: Cannot turn on publishing when editing
-issue#5160: Translations on debian 'Bullseye' systems may cause server errors
-issue#5161: Switching language in the settings only becomes active after removal of session cookie
-issue#5166: Plugin permission is not shown in correct role section
-issue#5167: Graph template for NetSNMP lmsensors missing
-issue#5168: Import Package is misleading when reviewing Device Template Changes
-issue#5169: Host table status_fail_date and Status_rec_date can appear wrong
-issue#5170: Prevent remote polling functionality from running unless remote pollers are configured
-issue#5174: Empty Location when adding new device
-issue#5180: Audit Database has issues with storage engine compare
-issue#5181: Poller functions can cause SQL errors in some cases when working with remote data collectors
-issue#5182: Graph Image does not have check for Remote Agent
-issue#5184: Cacti permission checks generate SQL errors is the user has been deleted
-issue#5185: Repair Database does not prune old Poller Item Records
-issue#5187: Getting SQL errors in the Cacti due to plugin calling register function in wrong location
1.2.23
-security#4920: Add .htaccess file to scripts folder
-security#XXXX: CVE-2022-46169 Unauthenticated Command Injection in Remote Agent
-issue#4418: When using Single Signon Frameworks like SiteMinder Cacti does not properly detect ticket revocation in callbacks
-issue#4682: New templates are not installed during the update
-issue#4838: CLI Based upgrade generates warnings in PHP 8.1
-issue#4888: Cacti audit_database.php script fails on MySQL 8.0.29 and likely will on newer versions
-issue#4889: Increase host query performance by removing check for NULL after 1.2.22
-issue#4892: Recache Loop after many devices go offline
-issue#4893: in cacti 1.2.22 real time counter gets stuck and does not count down
-issue#4896: When remote poller is in offline mode GUI inaccesible and poller times out
-issue#4897: Technical support page on remote poller shows max connections of Main poller
-issue#4903: MySQL 8.x regular expressions break Cacti Automation
-issue#4904: The Recommendation for innodb_buffer_pool_instances is incorrect for MySQL 8 and MariaDB < 10.5
-issue#4905: Labels on AREA having a colon breaks the gradient creation with an rrdtool error
-issue#4917: Under certain circumstances Real Time counter gets stuck and does not count down
-issue#4921: Aggregate Graph Permissions not working as expected
-issue#4923: Graph template "duplicate" action does not working - 500 Internal Server Error
-issue#4927: When running audit_database.php script will fail if cacti password had a ')' in it
-issue#4934: Updated phpseclib to version 2.0.38 to support PHP 8.1
-issue#4935: Net-SNMP - Device I/O template Maximum Value is zero
-issue#4940: Error display Data Collectors when sorting by hostname
-issue#4941: Viewing graphs can break when boost is running in some rare cases
-issue#4944: Newer Cacti Packages should be signed with SHA256 as SHA1 is being deprecated
-issue#4947: When creating a Data Template, ensure that the default max value is always 'U' and not '0'
-issue#4951: upgrading to 1.2.22 most of the plugins break in a multipoller setup
-issue#4960: Setting context for connections throws error in PHP 8.x
-issue#4963: Will the calculation rules of 95nth_percentile involve php and rrdtool versions
-issue#4964: Tree search not hiding non-matching tree objects
-issue#4966: When viewing the Device page, ensure that the Device Template filter only includes Devices Types in use
-issue#4971: Deprecation warnings in log files with php 8.2 associate with mib parser
-issue#4978: Graph timezone issue
-issue#4980: Business Hour php errors
-issue#4988: Data Templates that include many Data Sources bug only a few are used, cause RRDfile bloat
-issue#4990: Backtrace generated on the Links page due to undefined variable use
-issue#4991: Updating a Data Template does not properly switch the rrd_heartbeat properly for all data sources resulting in empty graphs
-issue#4993: Data Debug Troubleshooter does not pick up invalid RRD_heartbeat settings
-issue#4996: Graph Name in Graph Management shows the same name multiple times
-issue#5001: Data Debug Troubleshooter Reports False Positive Issues with Missing Data Sources
-issue#5006: Cannot delete vdef and cdef item (in theme paw) - php error
-issue#5012: Fixed three error for PHP 8 when execute cli/upgrade_database.php
-issue#5013: Cacti Bulk Walk Size of 'Auto-detect at First Reindex' not working
-issue#5015: Upgrade for 1.2.21 reporting unknown status
-issue#5017: Undefined array key and Rounding causes errors
-issue#5018: It is possible in some rare cases to have 'remember me' enabled and still be logged out after a browser timeout
-issue#5024: SNMP connection does not replace escape char in 'community'
-issue#5028: Cacti User Stats can throw errors depending on the PHP version that you running
-issue#5029: Searching for a plugin by name sometimes does not work from Plugin management interface
-issue#5030: Installer shows innodb unset
-issue#5033: Installer shows deprecated messages on PHP 8.1.2
-issue#5034: RRD Proxy Server not supported by CLI script "structure_rra_paths.php"
-issue#5041: md5_file error in custom theme after updating to 1.2.23
-issue#5057: PHP8.1 when adding a device rule in automation deprecated messages occour
-issue#5066: Cacti does not escape the watermark leading to broken graphs
-issue#5068: Installer deprecation messages during CLI install in PHP8.2
-issue#5084: After Update 1.2.20 to 1.2.22 CMDPHP ERROR: A DB Cell Failed
-issue#5088: CLI script host_update_template.php falsely changes reindex method to uptime
-issue#5096: PHP8.x SNMP Agent Complains of missing $cache variable in snmpagent_mibcachechild.php
-issue#5097: The RRDtool Utilities should not appear on Remote Data Collectors
-issue#5101: Remote Data Collector Recovery Fails
-issue#5102: When in Recovery Mode plugins that are designed to work remotely stop working
-issue#5103: When Remote Data Collector changes status a full page refresh or logout should occur
-issue#5105: Fix PHP 8 error in ss_host_disk.php - function abs with empty value
-issue#5107: Block Cacti install is session.auto_start is enabled
-issue#5111: Warnings executing function dsstats_get_and_store_ds_avgpeak_values() during boost processing
-feature#1100: Structured path not created when using remote poller and Update On-Demand
-feature#1392: AJAX handled errors do not notify Admins that page errors exist
-feature#2239: Allow Import and Export to be more controlled
-feature#2485: Importing Template requires you to upload the same file after previewing
-feature#2548: Logs display Order vs head or tail
-feature#2567: For large systems, the sort buffer should be optimized for large tables
-feature#2747: Provide better sorting in Console >Management > Graphs
-feature#2871: Report when RRA's heartbeat is below the data source profile's interval
-feature#3131: Button to reindex bad indexes
-feature#3578: Scheduled Automatic Re-indexing of Devices
-feature#4025: When importing a Template or Package, allow the user to use the system default Height, Width, and Image format instead of the one embedded in the Template
-feature#4239: On "Graph Utility View" add the name of and a link to the graph template which the graph is based on
-feature#4417: Remote Pollers - Support execution of custom functions at poller bottom
-feature#4638: Detect the graph with stale rrd or missing rrd
-feature#4754: The script ss_fping.php should timeout based upon the actual device if its searchable
-feature#4762: Allow Package Import to be selective
-feature#4967: Make adding Associated Graph Templates and Data Queries easier to use
-feature#4786: Windows install does not support SVG rendering
-feature#4820: When importing, make it possible to only import certain components
-feature#4841: Move the cactid function db_check_reconnect() to lib/database.php for other service oriented scripts
-feature#4874: Add support for showing business hours
-feature#4890: Add multi threading for Poller rechace script
-feature#4899: Pass poller status to script_server to avoid connecting to the main database when offline or in recovery
-feature#4901: Make the script server accept arguments in the standard way
-feature#4902: Updated Support for MySQL 8.x
-feature#4907: Add lmSensors to the Net-SNMP Device Template
-feature#4926: Allow the user to override Cacti auto-client time zone detection
-feature#4943: Add ability to periodically check RRDfiles for errors in batch
-feature#4948: When using proxies to load balance Cacti, if the proxy cookie times out, Cacti should properly redirect
-feature#4955: Provide Common Sense Memory Tuning based upon MySQL Tuner Recommendations
-feature#4956: The function db_check_reconnect() should be able to work with any connection
-feature#4957: Add Device Template Classes to match the Classes in Upcoming release of the Package Plugin
-feature#4963: Make Tree the unlock process not have to rebuild the page
-feature#4989: Cache Cacti 'Total Rows' by Hash to Improve Performance
-feature#5009: Adding a new method for use in xml files: value_parse_index
-feature: Adding ESXi Device Template
-feature: Upgrade billboard.js to version 3.6
-feature: Upgrade jQuery to version 3.6.1
-feature: Upgrade jQueryUI to version 1.13.2
-feature: Introduce exec() function with timeout
1.2.22
-security#4834: When creating new graphs, cross site injection is possible
-issue#4768: When creating user from template, multiple Domain FullName and Mail are not propagated
-issue#4791: Nectar Aggregate 95th emailed report broken
-issue#4796: Boost may not find archive tables correctly
-issue#4802: Users may be unable to change their password when forced during a login
-issue#4803: Net-SNMP Memory Graph Template has Wrong GPRINT
-issue#4806: Search in tree view unusable on larger installations
-issue#4808: Increased bulk insert size to avoid partial inserts and potential data loss.
-issue#4810: Call to undefined function boost_debug in Cacti log
-issue#4814: When no guest template is set, login cookies are not properly set
-issue#4817: Later RRDtool releases do not need to check last_update time
-issue#4818: Regex filters are not always long enough
-issue#4819: Domains based LDAP and AD Fullname and Email not auto-populated
-issue#4822: Cacti polling and boost report the wrong number of Data Sources when Devices are disabled
-issue#4823: When editing Graph Template Items there are cases where VDEF's are hidden when they should be shown
-issue#4831: Database SSL setting lacks default value
-issue#4837: Update default path cacti under *BSD by xmacan
-issue#4840: Web Basic authentication not creating template user
-issue#4846: Unable to change the Heartbeat of a Data Source Profile
-issue#4849: Tree Search Does Not Properly Search All Trees
-issue#4850: When structured paths are setup, RRDfiles may not always be created when possible
-issue#4851: When parsing the logs, caching would help speed up processing
-issue#4853: Deprecation warnings when attempting real-time Graphs with PHP8.1
-issue#4860: Custom Timespan is lost when clicking other tree branches
-issue#4863: Non device based Data Sources not being polled
-issue#4865: When Resource XML file inproperly formatted, graph creation can fail with errors
-issue#4866: Update code style to support PHP 8 requirements
-issue#4867: In Graph Management, filtering for "Device: None" shows all graphs
-issue#4871: Realtime popup window experiences issues on some browsers
-issue#4873: Auth settings do not always properly reflect the options selected by ddb4github
-issue#4880: MySQL can cause cacti to become stalled due to locking issues
-issue#4882: Boost process can get hung under rare conditions until the poller times out
-issue#4884: Exporting graphs under PHP 8 can cause errors
-issue#4887: Host table has wrong default for disabled and deleted columns
-feature#4533: RRD storage paths do not scale properly
-feature#4820: When importing, make it possible to only import certain components
-feature#4825: Update change_device script to include new features by bmfmancini
-feature#4827: Make help pages use latest online version wherever possible
-feature#4832: Cacti should show PHP INI locations during install
-feature#4833: Detect PHP INI values that are different in the INI vs running config
-feature#4870: Added Gradient Color support for AREA charts by thurban
-feature#4872: Update CDEF functions for RRDtool
-feature#4881: When boost is running, it's not clear which processes are running and how long they have to complete
1.2.21
-issue#4531: Correct duplicate keys within database
-issue#4614: Add support for hooks during polling loop or at poller end
-issue#4683: When adding a device, errors may be reported whilst updating templates
-issue#4684: When creating RRD error image, font may not exist by xmacan
-issue#4685: Correct issues with corrupted Cacti Packages
-issue#4687: Poller output not empty all the time
-issue#4688: When running under PHP 5.4, certain operators are not valid by ddb4github
-issue#4689: Package Import generates errors when you try to import directory or non-file
-issue#4693: Correct issues with Heartbeat definitions under PHP 8.x
-issue#4695: When importing packages, hash types are not properly processed by ddb4github
-issue#4697: Login problem
-issue#4698: When creating a device, unexpected poller down message may be shown
-issue#4701: Editing a new user or user group may cause errors
-issue#4705: Unable to automatically login using Remember Me option
-issue#4707: Unable to duplicate graph templates due to missing column
-issue#4716: Correct issues with Data Source Edit under PHP 8.x
-issue#4719: Browsers may reject CactiTimeZone and CactiDateTime cookies due to SameSite requirements
-issue#4721: Some JavaScript and image files URL are broken under midwinter theme by ddb4github
-issue#4722: When upgrading from pre 1.x, various errors may be seen by ddb4github
-issue#4726: When running under Fedora, issues may be seen with snmp values
-issue#4729: Add ability for Template and Package Installs to update Suggested Name Values/Patterns
-issue#4732: When using audit tool, text/mediumtext columns may not be properly processed by ddb4github
-issue#4735: When changing data source profiles, errors may be shown
-issue#4736: Update PHP recommendations to meet current expectations
-issue#4743: When viewing graphs, fontawesome may not always been found
-issue#4744: When using automation, numeric values may be treated as strings
-issue#4748: When saving a device, errors may be generated
-issue#4756: Importing very old Data Input Methods generate dependency warnings
-issue#4757: Correct issues with Boost running under PHP 8.x
-issue#4763: Unable to login locally when LDAP authentication enabled
-feature#4720: Add a CLI script to install/enable/disable/uninstall plugins
-feature#4740: Add log message when purging DS stats and poller repopulate
1.2.20
-security#4562: When using LDAP, authentication process may be bypassed
-security#4576: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues
-security#4579: Lockout policies are not properly applied to LDAP and Domain Users
-security#4593: When using 'remember me' option, incorrect realm may be selected
-security#4678: User and Group maintenance are vulnerable to SQL attacks
-security#4679: Color Templates are vulnerable to XSS attack
-issue#3816: When replicating data during installation/upgrade, system may appear to hang
-issue#4363: Graph Template Items may have duplicated entries
-issue#4435: Unable to Save Graph Settings
-issue#4449: Script Server may crash if an OID is missing or unavailable
-issue#4451: When system-wide polling is disabled, remote pollers may fail to sync changed settings
-issue#4455: When updating poller name, duplicate name protection may be over zealous
-issue#4457: Titles may show "Missing Datasource" incorectly
-issue#4458: Checking for MIB Cache can cause crashes
-issue#4460: Polling cycles may not always complete as expected
-issue#4461: When viewing graph data, non-numeric values may appear
-issue#4472: Utilities view has calculation errors when there are no data sources
-issue#4475: Add support for PHP 8
-issue#4477: Remote pollers do not force connection when online
-issue#4479: Rebuild Poller Cache CLI script should have filter options
-issue#4480: Saving a bad Data Template can damage Data Sources
-issue#4481: Reports still use Legacy attributes, despite having a format file
-issue#4482: Graph Automation slowed by in-efficient index selection
-issue#4491: When rebuilding poller cache, SNMP settings do not properly update
-issue#4492: When an OID starts with space, SNMP returns undefined data
-issue#4495: Datasource Statistics may obtain invalid data for some rebooted devices
-issue#4498: When attempting to calculate width, some input elements may cause console errors
-issue#4500: Datasource Statistics may not scale properly on larger systems
-issue#4508: Changing Multi-Device SNMP settings may not work as expected
-issue#4509: Updating Items for a Graph Template may be slow on larger systems
-issue#4511: When using the time-based view, SVG Graphs may not resize properly
-issue#4512: When using API calls, graphs without data sources may be unremovable
-issue#4516: Add additional information to help when creating graphs from templates
-issue#4519: When remote host poll fails, poller ID may not be found and cause errors
-issue#4521: Backtraces Logged in Cacti 1.2.x Branch - Gettext Translation
-issue#4522: When entering custom input, layout issues may be seen
-issue#4528: When creating a device, default setting for Device Threads may be ignored
-issue#4529: Primary Admin account notifications may not work in certain cases
-issue#4530: On larger systems, user interface for reporting may become unusable
-issue#4536: When using Web Basic Authentication, user is always mapped as guest.
-issue#4539: When handling plugin dependancies, notices may not be displayed properly
-issue#4540: Certain account types should not allow their enabled status to be changed
-issue#4543: Emails sent multiple times to the same address can be rejected
-issue#4545: Reports Tab always shows 'Administration' despite a users permissions
-issue#4546: When unauthorized, user may be redirected instead of notified
-issue#4547: Add debug options to LDAP for diagnostic purposes
-issue#4548: Rounding causes errors with variable substitution
-issue#4549: Boost may become disabled due to an invalid path
-issue#4551: Add support for PHP 8
-issue#4552: Error messages are not always cleared, resulting in duplicated messages.
-issue#4554: Add support for Automation under PHP 8
-issue#4557: When selecting a Consolidation Function, errors may be reported
-issue#4563: Breadcrumbs not always display the correct path
-issue#4564: When clicking tabs, page may not always respond
-issue#4567: Editing current user should prevent changes of account status
-issue#4568: Authentication cache does not always use the correct realm
-issue#4569: When editing users or groups, template permissions may not work as intended
-issue#4571: When changing authentication method, unneeded settings may not be hidden
-issue#4572: When basic authentication is used, login screen should not be seen
-issue#4573: On larger systems, permission checks may render system unusable
-issue#4575: When you delete a user, cookie data is not automatically removed
-issue#4577: When editing current user, last administrator may be removed
-issue#4578: The Cacti login algorithm is complicated to understand due to too much strait line code
-issue#4580: When using Web Basic Authentication, users may be seen as guests
-issue#4586: When viewing graphs, excess database queries may occur
-issue#4587: Settings may be read more often than required
-issue#4588: Unable to save host with multi-byte characters
-issue#4589: When updating tables, ensure engine, row_format and charset by ddb4github
-issue#4594: When selecting font, attempt to use system-based font before internally supplied version by ddb4github
-issue#4597: Selective Device Debug does not work with Remote Data Collectors
-issue#4598: Plugin tab does not stay visible when main poller is offline
-issue#4603: When failing back to PHP GetText, module is not always selected
-issue#4607: Configuration file may be improperly moved into the resource cache
-issue#4609: When handling sessions, user agent may not always be present
-issue#4610: When hiding disabled devices, some may still be shown
-issue#4611: When replicating to remote pollers, plugins are not always properly sync'd
-issue#4612: When using cookie authentication, Same Site support does not always work properly
-issue#4613: Newer versions of MySQL/MariaDB may prevent structure replication changes
-issue#4614: Add support for hooks during polling loop or at poller end
-issue#4615: Plugin status on a Remote Data Collector may not always be detectable
-issue#4616: When performing certain plugin actions, replication should be forced to Remote Collectors
-issue#4617: When removing a plugin, removed tables are not removed from remote pollers
-issue#4618: When plugin exceed runtimes, they should not be automatic disabled
-issue#4620: When using CLI, Remote Data Collector scripts may connect to the wrong database
-issue#4623: Boost does not operate as it should in certain situations
-issue#4624: System uptime may be missing under certain circumstances
-issue#4629: When removing many Graphs and Data Sources, polling cycles may overrun
-issue#4630: Session data is not always started correctly
-issue#4632: When creating a Datasource, Input Field Checking is not always enforced
-issue#4634: When using Basic Authentication, the Logout Everywhere button should not be shown
-issue#4645: When format file does not exist, changing certain settings may result in errors
-issue#4651: Device Description is not consistent in Poller Cache view
-issue#4652: After repopulating graph, navigation to check cumbersome
-issue#4654: When saving a data template, replication may cause errors
-issue#4658: When upgrading from pre-1.0, tree information may not properly update by ddb4github
-issue#4659: When moving a device between pollers, errors may occur
-issue#4666: Add date calculation support for PHP 8
-issue#4671: Add poller sleeping support for PHP 8
-issue#4672: When editing Reports, drag and drop may not function as intended
-issue#4680: When data drive is full, viewing a Graph can result in errors
-feature#4574: On larger systems, permissions may need alternative methods
-feature#4631: When creating a Data Source Profile, allow additional choices for Heartbeat
-feature#4636: Upgrade jQueryMulti-select to 3.0.1
-feature#4637: Change select all options to use Font Awesome icons
-feature#4641: Improve spine performance by storing the total number of system snmp_ports in use
-feature#4663: Prevent Template User Accounts from being Removed
-feature#4664: When managing by users, allow filtering by Realm
-feature#4665: Allow plugins to supply template account names
-feature#4667: When viewing logs, additional message types should be filterable
-feature#4668: When creating a Graph Template Item, allow filtering by Data Template
-feature#4669: Allow language handler to be selected via UI
-feature#4673: Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco
-feature#4674: Add Advanced Ping Graph Template to initial Installable templates
-feature#4675: Add LDAP Debug Mode option
-feature#4676: Allow Reports to include devices not on a Tree
-feature#4677: Allow Basic Authentication to display custom failure message
1.2.19
-security#4356: Further fixes for grave character security protection
-issue: Over aggressive escaping causes menu visibility issues on Create Device page
-issue#3787: Add SHA256 and AES256 security levels for SNMP polling
-issue#4289: Import graph template(Preview Only) show color_id new value as a blank area
-issue#4341: Editing graphs can cause errors due to missing sequence
-issue#4342: When hovering over a Tree Graph, row shows same highlighting as Graph Edit screen
-issue#4343: When RealTime is not active, console errors may appear
-issue#4347: Race conditions may occur when multiple RRDtool processes are running
-issue#4352: Creating graphs from templates may sometimes result in errors
-issue#4353: When duplicating reports, errors may occur
-issue#4375: Boost may be blocked by overflowing poller_output table
-issue#4378: Template import may be blocked due to unmet dependency warnings with snmp ports
-issue#4381: Newer MySQL versions may error if committing a transaction when not in one
-issue#4382: SNMP Agent may not find a cache item
-issue#4383: Correct issues running under PHP 8.x
-issue#4391: When polling is disabled, boost may crash and creates many arch tables
-issue#4396: When poller runs, memory tables may not always be present
-issue#4400: Removal of redunant code
-issue#4403: Timezones may sometimes be incorrectly calculated
-issue#4404: Allow monitoring IPv6 with interface graphs
-issue#4408: When a data source uses a Data Input Method, those without a mapping should be flagged
-issue#4410: When RRDfile is not yet created, errors may appear when displaying the graph
-issue#4419: Cacti missing key indexes that result in Preset pages slowdowns
-issue#4420: Data Sources page shows no name when Data Source has no name cache
-issue#4421: db_update_table function can not alter table from signed to unsigned
-issue#4422: data remains in poller_output table even if it's flushed to rrd files
-issue#4423: Parameter list for lib/database.php:db_connect_real() is not correct in 3 places
-issue#4424: Offset is a reserved word in MariaDB 10.6 affecting Report
-issue#4425: Rendering large trees slowed due to lack of permission caching
-issue#4428: Error on interpretation of snmpUtime, when to big
-issue#4431: Applying right axis formatting creates an error-image
-issue#4435: Unable to Save Graph Settings from the Graphs pages
-issue#4437: Graph Template Cache is nullified too often when Graph Automation is running
-issue#4438: When Adding a Data Query to a Device, no Progress Spinner is shown
-issue#4439: New Browser Breaks Plugins that depend on non UTC date time data
-issue#4440: Undefined index: timeout_exceed /lib/poller.php on line: 1953
-issue#4442: When testing remote poller connectivity Errors occour
-issue#4443: When renaming poller errors occour
-issue#4444: Removing spikes by Variance does not appear to be working beyond the first RRA
-issue#4445: LDAP API lacks timeout options leading to bad login experiences
-issue#4525: When using CMD for polling, pipes are not properly referenced for PHP scripts
-feature: Add a normal/wrap class for general use
-feature: Limit File Types available for Template Import operations
-feature#1573: Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication
-feature#3113: Support Stronger Encryption Available Starting in Net-SNMP v5.8
-feature#4299: Allow Cacti to use multiple possible LDAP servers
-feature#4344: Add a 15 minute polling/sampling interval
-feature#4385: Provide additional admin email notifications
-feature#4390: Add warnings for undesired changes to plugin hook return values
-feature#4409: When creating a Graph, make testing the Data Sources optional by Template
-feature#4412: Update phpseclib to 2.0.33
-feature#4413: Update jstree.js to 3.3.12
-feature#4414: Improve performance of Cacti poller on heavily loaded systems
-feature#4426: MariaDB recommendations need some tuning for recent updates
1.2.18
-security#4261: Lack of escaping on template import can lead to XSS exposure under 'midwinter' theme (CVE-2020-14424)
-security#4276: Real time graphs can expose XSS issue
-security#4282: Session IDs are not always recreated when logging out under PHP 5
-issue#4250: Unable to create graphs due to Data Source verification failure
-issue#4254: When poller first runs, time since last run produces an error
-issue#4259: Data Template caching does not update and causes errors
-issue#4263: Graphs with multiple data sources can no longer display percenticles
-issue#4266: Incomplete items from a previous polling session may be updated twice
-issue#4267: Unnecessary warnings appear when host name is not resolved
-issue#4269: Installation Wizard can become stuck when creating graphs for default device
-issue#4271: Continued timeout of registered processes
-issue#4272: Unexpected errors may appear when using hostnames without a DNS domain
-issue#4273: When adding a device from command line, testing of data sources can cause errors to be recorded
-issue#4274: When you start to zoom a graph, the auto graph refresh should be disabled
-issue#4279: Default Setting "Device Threads" will not be saved correctly
-issue#4284: Whilst upgrading, errors in upgrade scripts prevent properly execution
-issue#4293: Tree search does not take hosts belonging to a site into account
-issue#4294: Tables outside of pre-built list that need fixing, cause bad unknown column errors
-issue#4295: If a page contains multiple tables, a larger table can cause small ones to lose columns
-issue#4297: Unable to search using regular expressions when trying to filter graphs
-issue#4312: When using CMD.PHP as the poller, warnings can appear if you only use a subset of data input types
-issue#4314: When disabling the snmpagent, you can introduce significant delay to data collection
-issue#4315: Reduce repeatative warnings when resources are exhausted
-issue#4316: Remove Spikes CLI interface is unable to provide localized spike, gap fill or float operations
-issue#4321: Earlier versions of RRDTool do not correctly ignore previous updates
-issue#4324: Date/Time format of replacement field on graph cannot be changed
-issue#4325: When editing graph items, make identifying rows easier
-issue#4326: When using large lists, ensure selection is visible in dropdown menus
-issue#4330: Automation attempts to call undefined debug function
-issue#4333: Under FreeBSD, allow ping to work properly for IPv6
-issue#4367: Report owner - show at least the username when the full name is empty
-feature#4258: Update phpseclib to 2.0.31
-feature#4283: Content Security Policy may block Plugin functionality
-feature#4317: Allow the Cacti administrator to perform bulk gap filling and floating in parallel
-feature#4322: Update pace.js to version 1.2.4
-feature#4306: Allow indexing of all query id in cli reorder_data_query.php
1.2.17
-security#4019: Incorrect handling of fields led to potential XSS issues
-security#4022: SQL Injection was possible due to incorrect validation order (CVE-2020-35701)
-security#4035: Various XSS issues with HTML Forms handling
-issue: CLI scripts should not have a max allowed runtime
-issue: Normalize plugin hooks between user_admin.php and user_group_admin.php
-issue#1052: TimeZones are not handled correctly with Daylight Savings changes
-issue#3392: Allow plugins to customize device listing page
-issue#3879: Allow Graph/Data Source with custom fields to prompt during manual creation
-issue#3908: When poller overruns the script server can throw errors upon shutdown
-issue#3936: Editing a graph created from Aggregate Graph can fail
-issue#3945: CSV export can show NaN for date if TimeZone does not match system
-issue#3969: SNMPv3 Password field does not correctly limit to size of database field
-issue#3976: Font colors are being overridden leading to display issues
-issue#3977: Database upgrade may fail when using upgrade_database.php
-issue#3978: Input Validation was not handled correctly when displaying graph trees
-issue#3981: Missing API include leads to runtime errors in Automation
-issue#3985: Collation was not always handled correctly in the database library
-issue#3988: Automation raises errors when default snmp options is set to none
-issue#3990: PHP Information was not being displayed properly under Tech Support
-issue#3999: Ensure database audit code attempts to use passwordless options before sending credentials
-issue#4001: Ensure Cacti can support PHP 8
-issue#4002: Pollers may sometimes not recover properly once they go offline
-issue#4005: When viewing Realtime Graphs, validation errors may be seen for Size parameter
-issue#4008: Massive decrease in poller performance due to unset variable
-issue#4009: Ensure number format functions are consistent for i18n usage
-issue#4021: Increase maximum number of device threads
-issue#4031: Secondary filters on Data Collectors and Data Profiles do not work as expected
-issue#4033: Action Icons changed to be consistent with admin UI
-issue#4036: During discovery, Automation can throw unexpected errors due to null values
-issue#4038: When creating new graphs, a second click is required even if not needed
-issue#4042: RRD Updates can become disabled when saving performance options
-issue#4043: Boost can become unresponsive when large number of archive tables exist
-issue#4049: Enable sensitive graph information to be hidden from standard users
-issue#4050: When showing table conversion script, the example path can be displayed incorrectly
-issue#4056: Rename "Show Exceptions" checkbox to "Only Show Exceptions" which more actually reflects its function
-issue#4060: When attempting to get client address, incorrect information may be returned
-issue#4061: When getting date format, default options are not always honored
-issue#4066: Enable Boost to utilize multiple processes
-issue#4067: Disable BOOST image caching when using Graph Zoom features
-issue#4068: When viewing graphs, individual graph sizes can be ignored in favour of global default
-issue#4070: Summary data can fail to calculate when the RRDfile lacks the Data Source
-issue#4073: Zoom functionality can fail when a graph has lost focus.
-issue#4074: Realtime Images are not always adhering to defined format
-issue#4075: LDAP Settings lead to confusion when setting up LDAP authentication
-issue#4076: MariaDB tuning link points to a dead URL within System Utilities
-issue#4077: If user has no permissions assigned and tries to login, a redirect loop occours
-issue#4079: When checking current timestamps, make audit replace mysql function usage with preferred CURRENT_TIMESTAMP variable
-issue#4080: Cacti regular expression searching does not quote expressions
-issue#4082: RRDtool version detection not working for RRDproxy setup
-issue#4083: RRDCleaner does not support RRDproxy
-issue#4086: Large system performance negatively impacted due to $spikekill_templates behavior
-issue#4092: On large systems, Primary ID usage on heavily used tables will overflow due to default MySQL variable size
-issue#4095: When viewing Plugins page, icons can sometimes be misaligned
-issue#4098: Graphs and Data Sources lists can become unresponsive on very large systems
-issue#4100: When viewing User Admins, a division by zero error can sometimes be seen
-issue#4105: Allow admins to define bulk walk repetition sizes
-issue#4109: Realtime graphing can sometimes cause gaps in historic data
-issue#4110: Graph Variables are not always parsed correctly leading to errors in log files
-issue#4116: Upgrading large trees from 0.8.x to 1.x is slow
-issue#4117: Script server throws errors if a command line argument includes a backslash
-issue#4119: Implicit flushing is not always enabled, depending on OS, resulting in Script Server result issues
-issue#4121: LDAP search filter cannot be configured if too many OUs or filters are nested
-issue#4122: Automation causes SQL syntax errors when invalid operations are present
-issue#4125: On completing the installation wizard, an internal server error can sometimes be observed
-issue#4126: Deleting a damaged graph can sometimes led to removal of valid graphs too
-issue#4127: When updating Trees, graph titles are calculated too often leading to unresponsiveness
-issue#4130: On large systens, Graph creation can become unresponsive due to large number of data sources
-issue#4131: A design flaw makes importing new Graph Template slow on large systems
-issue#4134: MIB Caching does not always work as expected
-issue#4135: On large Cacti installs, editing Data Templates is slow
-issue#4136: When repairing database at command line, no option exists to skip table checks and force Data Source repair
-issue#4141: Unusually long comments do not wrap when viewing graphs, and haven't in this CHANGELOG entry either
-issue#4143: Prevent some false positive scenarios when detection orphan graphs
-issue#4147: Poller items are evaluated too quickly when mixed polling cycles are used
-issue#4148: Ensure automatic refresh of cacti log view works consistently
-issue#4149: Ensure utilities show correct information when in offline mode
-issue#4161: Data source template names should be shown in the respective "suggested values" sections
-issue#4162: Allow Persistent Connections to MariaDB/MySQL to be configured
-issue#4164: Unable to easily track Cacti login sessions when using database sessions
-issue#4166: Auto-select text when focusing auto complete elements
-issue#4169: Ensure Log Viewer 'Go' and 'Clear' buttons behave as expected
-issue#4170: Enable full name tooltips for Alias/Description columns
-issue#4173: Ensure Console menu icons are properly aligned
-issue#4174: When using replication, ensure binary logging can be disabled
-issue#4175: When syncing Templates, prevent false 'Damaged Graph' notifications from appearing
-issue#4177: Simplify Graph/Template authorization searches when not using restricted mode
-issue#4179: Correct class usage on Graph Sidebar Icons to be consistent
-issue#4180: Remove logoff option when using basic authentication
-issue#4181: Ensure realm names are more consistent
-issue#4182: Allow Automatic Graph Creation to utilise Data Templates with Overriden Values
-issue#4183: Processes can be terminated early due to incorrect timeout calculation
-issue#4184: Ensure error logging is consistent when using CMD processor instead of spine
-issue#4185: Updating Signal Handling to recommended standards for PHP 7.1+
-issue#4186: When editing a Fixed String on Tree Rule it is improperly displayed as "Unknown"
-issue#4187: Provide more direct method fo navigating to Data Source from Graph
-issue#4188: Replacement variable names are difficult to find for Aggregate Graphs and Templates
-issue#4189: Allow links from a page to its specific documentation
-issue#4190: Augmenting roles can incorrectly link to roles instead of realms in rare cases
-issue#4192: Devices search can return a black screen if device name contains the hash/pound # character
-issue#4193: Allow command line reindex to work with disabled devices
-issue#4195: When search text includes # character, filtering does not always work as expected
-issue#4197: When attempting to do a rollback on versions, the installer will not restart
-issue#4199: Allow Cacti administrator to define a min refresh interval to prevent graph gaps
-issue#4205: When removing Data-query Associated Graph Templates, it deletes the graphs Templates from bottom to top
-issue#4206: When a report was delayed, the report's time is incorrectly changed
-issue#4215: Poller recovery starts multiple processes and fails to recover properly
-issue#4223: Parallel boost restart due to timeout can result in errors.
-issue#4227: When remote poller is in offline mode, data is written to more tables than necessary
-issue#4228: Under specific circumstances, redirection issues can occur after login
-issue#4229: When no snmp option is set, automation can incorrectly report a number of issues
-issue#4232: Database TLS configuration requires client certificates as well
-issue#4233: Potential typos and incomplete parameter lists for database connection variables
-issue#4241: Tree sort mechanism does not take sites into account
-issue#4251: Caching of Graph Titles can be incorrect
-feature: Add Theme 'Midwinter'
-feature: Update phpseclib to version 2.0.30
-feature#645: Modify automation to test for data before creating graphs
-feature#3513: Add hooks for plugins to show customize graph source and customize template url
-feature#3572: Missing prompts during automation's device creation leads to blank data
-feature#4012: Allow CSRF security key to be refreshed at command line
-feature#4013: Allow remote pollers statistics to be cleared
-feature#4113: Allow user to be automatically logged out after admin defined period
-feature#4176: When replicating, ensure Cacti can detect and verify replica servers
-feature#4210: Replace c3.js with billboard.js
1.2.16
-issue#3704: When generating a report, the Cascade to Branches function does not as expected
-issue#3859: When viewing graphs, automatic refresh so not always work as expected
-issue#3898: Realtime graph pop up counter bug
-issue#3903: Undefined variable errors may occur when creating a new datasource
-issue#3907: The cli-based installer does not exit with a non-zero exit code when error occurs
-issue#3912: When an export is complete, sometimes the progress bar remains
-issue#3915: When enabling many devices, a threshold can be reached causing a slowdown in the process
-issue#3916: When performing actions against Devices, replicated device information could sometimes be lost
-issue#3917: When using API to rename a tree node, backtrace may be incorrectly shown
-issue#3919: When searching, valid pages can sometimes be shown as empty
-issue#3920: When exporting data from graphs, not all data was properly included
-issue#3924: Graph Templates filter is not updated after new graph created
-issue#3926: Username and password on the login page is not visible in Classic theme
-issue#3929: Improve wording of concurrent process and thread settings
-issue#3930: Location filter should remove blank entries
-issue#3931: When syncing data collectors, a reindex event may be triggered unnecessarily
-issue#3932: Automation Networks allows discovery of invalid IP addresses
-issue#3933: When changing permissions of the current user, they don't take effect immediately
-issue#3935: When reindexing a device, an incorrect page was sometimes displayed
-issue#3942: When repairing database, audit_database.php does not add missing columns
-issue#3948: Spine 1.2.15 - Spine Encountered An Unhandled Exception Signal Number: '6' [11, Resource temporarily unavailable] (Spine thread)
-issue#3949: Log page should not be empty if no log info exists
-issue#3953: During upgrade, there are times when realms can be duplicated leading to SQL errors
-issue#3957: When using ping.php, UDP response times are not interpreted properly
-issue#3960: Improve warning you get when attempting to view a log file you don't have access to
-issue#3962: When replicating files, scripts are not marked as executable
-issue#3963: When creating plugin tables, collation is not set properly
-feature: Update c3.js to version 0.7.20
-feature: Update Chart.js to version 2.9.4
-feature: Update phpseclib to version 2.0.29
-feature: Update PHPMailer to version 6.1.8
-feature: Use LSB shebang notation for cli scripts
-feature: Add support for cactid daemon based launcher
-feature#3923: Add ability to hide the Graph Drilldown icons
-feature#3943: Add hooks for plugins to show custom Graph Source and custom Template URL (List View)
1.2.15
-issue#3643: When editing Maximum OIDs Per Get Request, blank value can cause errors
-issue#3656: Boost may run more often than it should
-issue#3693: Recache Event Loop can cause Interface Graphs to show gaps
-issue#3703: When searching Graph Tree's, non matching devices remain visible
-issue#3711: Page validation errors may occur when opening real time graphs
-issue#3722: External Links do not always open if they are still open from previous usage
-issue#3730: Cultural changes to various word usage
-issue#3741: Replicate deleted device status instead of poller sync
-issue#3743: Description field allows more characters entered than is stored
-issue#3747: When installing or upgrading, LDAP functions may not always be included properly
-issue#3748: Unable to remove discovered device
-issue#3753: When installing or upgrading, PHP recommendations may not always return a valid value
-issue#3755: Graph Templates has duplicate SQL delete statement
-issue#3759: When syncing to remote poller, missing function errors may occur
-issue#3760: When removing devices from remote pollers, devices may reappear without details
-issue#3761: When removing devices, array errors may sometimes be recorded
-issue#3763: Variable injection does not always work as expected
-issue#3764: Editing Data Queries with multiple data templates can give errors about Suggested values
-issue#3767: Progress bar does not provide enough visual information during long page loads
-issue#3768: Some themes do not allow for a way to see which user is currently signed in
-issue#3769: When viewing tables, allow users to force all columns to be visible
-issue#3770: Column sizing is being lost between pages refreshes
-issue#3771: When viewing input methods table, no ID is shown to help identify which method is being viewed
-issue#3775: Filters do not always respect using keyboard to initiate searching
-issue#3778: When exporting a data query, an invalid column name error can sometimes be shown
-issue#3781: When checking if a view is allowed, having no session can result in errors
-issue#3782: When removing devices via the CLI, undefined variable errors may be seen
-issue#3786: Real Time Graphs may cause invalid index errors
-issue#3790: On newer versions of MySQL/MariaDB, 'system' keyword can cause issues
-issue#3793: Plugin setup can generate errors when reading options via system function
-issue#3809: Plugin version numbers can be unexpectedly truncated
-issue#3815: When PHP Session is set to autostart, an error can be reported as Cacti attempts to start it
-issue#3820: When removing multiple items, selection process does not always work
-issue#3821: When exporting colors, the indicator is not always removed upon completion
-issue#3825: Unable to pass tree and leaf ID to 'graph_button' hook
-issue#3827: When performing maintenance, various errors may sometimes be seen
-issue#3828: When Guest User setting is active, current user is not always properly set
-issue#3831: When installing Cacti, minor errors in text can be seen
-issue#3835: Numbers are not always formatted properly when there are no decimal places
-issue#3836: When viewing Real Time Graphs, an undefined index error may be recorded
-issue#3844: Minor memory leaks and refresh issues when zooming on graphs
-issue#3847: Real Time Graphs may sometimes fail due to folder permissions
-issue#3849: Navigation can sometimes occur unexpectedly due to background timers
-issue#3850: Trees management screen not reporting correct number of trees
-issue#3858: Tree sequences can sometimes skip numbers during resorting
-issue#3862: Guest user selection should not allow setting the currently logged in user
-issue#3864: Links in Table Headers do not show clearly when in modern theme
-issue#3868: Under some cases tree logic leads to undefined index errors
-issue#3869: Cacti Data Debug can show errors if the Data Source is damaged or has been removed
-issue#3871: When importing a data query, an invalid column name error can sometimes be shown
-issue#3874: When using shift functions on graphs, negative values are not allowed
-issue#3881: Correct issue when file is unreadable reporting no file was specified
-issue#3883: Orphaned Plugins have no option to be removed
-issue#3884: Update MySQL recommendations for Character Set and Colation
-issue#3888: Correct sorting of IP addresses to be numeric not alpha
-issue#3890: Saving a device should not always repopulate the poller cache
-feature: Update FontAwesome to Version 5.14
1.2.14
-issue#3676: Device not showing up in device page but showing up in Monitor tab
-issue#3678: More or Equal incorrect highlighting max_heap_table_size and tmp_table_size
-issue#3694: Spikekill `percent` is converted from percent to decimal twice, making it 1/100 of the true size
-issue#3713: When sorting data debug checks by user, no results are shown and errors recorded
-issue#3719: When tooltip is too long, the scroll bar exists, and cannot be scrolled, which makes the tooltip be hided
-issue#3723: Improper escaping of error message leads to XSS during template import preview
-issue#3728: Invalid uptime is not handled properly
-issue#3737: Poller functions may not run if 'processes' table is missing
-feature#3615: Poller keeps using old IP address for a device
1.2.13
-security#3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
-security#3549: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-23226)
-security#3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
-security#3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
-security#3628: Lack of escaping on template import can lead to XSS exposure
-issue#3517: When generating reports, function looping can occur resulting in 100% cpu usage
-issue#3525: When viewing Graphs, zoom functionality prevents drag and drop of image
-issue#3527: When using 95th Percentiles, undefined index errors can be generated
-issue#3532: When using Realtime, if no graph contents are present an error is generated
-issue#3533: When exporting data, Start date for RRDfile does not match start date of first data row
-issue#3536: When using Navigation Menu, Show/Hide in Response mode does not always work
-issue#3538: When using Realtime, race conditions between browser and function loading can occur
-issue#3543: When exporting CSV data, Unicode prefix is not properly set
-issue#3551: Authentication can fail when using Web Basic Authentication and Template User
-issue#3553: When attempting to view an aggregate graph that does not exist, many errors are generated
-issue#3563: Current orphan handling disrupts graphing transient indexes
-issue#3566: Automation incorrectly attempts to use MacTrack to duplicate options
-issue#3567: When Boost runs, locks are not always released properly and crash is detected
-issue#3569: Invalid font results in large number of log entries
-issue#3571: Correct various runtime errors due to incorrect message variables
-issue#3574: Saving Graph Template Items take a long time on large systems
-issue#3577: Hosts are being incorrectly filtered when first displaying with filter set to all
-issue#3579: Graphs can incorrectly show as 'Empty Graph'
-issue#3581: Realtime graph window is not resizing properly
-issue#3588: Validation warnings are generated when viewing/editing devices
-issue#3594: Automation hangs for certain schedule types
-issue#3595: Template to Device sync text is not consistent
-issue#3596: When importing template, resources aren't checked properly
-issue#3597: Template to Device sync provides no feedback
-issue#3598: When editing graphs and graph templates, back button results in broken page
-issue#3599: When downgrading, templates are fully selected for install
-issue#3601: When a device is down, instate can show wrong time
-issue#3607: When session timeout occurs, subsequent authorized access to areas can become blocked
-issue#3611: Allow CHANGELOG to be viewable from the GUI
-issue#3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
-issue#3614: When section tabs wrap, the title of the first section can become obscured
-issue#3624: When previewing graphs, sometimes the images fail to appear
-issue#3629: Log files are not rotated properly on remote pollers
-issue#3631: Command line scripts do not allow an unlimited runtime causing timeouts
-issue#3632: When mysql connection fails, various unexpected errors are recorded
-issue#3635: Automate generates undefined index errors when communicating with remote pollers
-issue#3639: When updating a device, duplicate entry errors occur when inserting to the database
-issue#3646: Adding datasource fails from CLI due to missing function
-issue#3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
-issue#3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
-issue#3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
-issue#3663: Disabling a Data Collector can cause unexpected errors
-issue#3668: When Input Field is in error, message reports field will be highlighted which is incorrect
-issue#3669: When adding an Input Field, the Input Method can be renamed unexpected
-issue#3673: Spikekill does not receive correct `avgnan` value when launching from GUI
-issue#3676: Device not showing up in device page but showing up in Monitor tab
-issue#3681: Item movement arrows do not properly align on all themes
-issue#3682: When in 'Time Graph View' mode, Zoom features do not work correctly
-feature#3611: Allow CHANGELOG to be viewable from the GUI
-feature#3647: When adding datasource fails from CLI, created Datasource ID should be printed
-feature#3666: Update jstree.js to 3.3.10
-feature#3688: Update phpseclib to 2.0.28
1.2.12
-security#3467: Lack of escaping of color items can lead to XSS exposure (CVE-2020-7106)
-issue#3422: When Graph Item is not linked to a data source, Comments do not always get variables substituted correctly
-issue#3424: Hosts are being incorrectly filtered when no location filter is set
-issue#3427: When exporting to a CSV with unicode characters, contents can become garbled
-issue#3429: When using SNMP v3, Automation can report extraneous warnings
-issue#3432: Rare race condition exists when both boost and dsstats enabled
-issue#3434: When attempting to exploit Cacti using alert, unexpected errors can be seen
-issue#3436: Unable to login due to incorrect default of Cookie Domains in config.php.dist
-issue#3438: When upgrading to 1.2.11, installer can appear to stop at 42%
-issue#3447: SNMP Issues on recent version of PHP
-issue#3449: When viewing the installation wizard's directory permission step, items are overlapping unexpectedly
-issue#3450: When installing Cacti under XAMPP and PHP 7.4, exceptions are being recorded and installation fails
-issue#3452: New Content-Security-Policy prevents External Links from being opened
-issue#3454: Cacti's Reports are not displaying messages correctly
-issue#3457: Graphs can not properly handle negative axis values
-issue#3459: When installing a new remote poller, connection tests can incorrectly fail
-issue#3460: Addtional changes to allow plugin folder/display names to be handled better
-issue#3462: Increase default memory limit for cli scripts to prevent runtime memory issues
-issue#3463: When listing VDEF's, selecting 'has graph' can cause unexpected exceptions in logs
-issue#3468: Graph rules cannot be created for automation
-issue#3474: The SSL option to set the SSL_CA should be optional for Client Connections
-issue#3477: Boost leaking memory when a large number of Data Sources disabled
-issue#3478: Reindexing can sometimes run longer than expected
-issue#3479: When viewing the Data Query table interface, the Data Input Method should be right aligned
-issue#3483: When recording log entries, cacti should default to hyphenated date format
-issue#3484: When editing SNMP v3 passwords, previous setting is not obfuscated
-issue#3488: In automation, when viewing an 'SNMP option set', the private passphrase is in clear
-issue#3495: When installing templates, default 'all' selection will reset all existing graphs, removing customisations
-issue#3496: Graph Items can show a double percent sign incorrectly
-issue#3502: When viewing Graphs, can not switch between list, preview and tree submodes
-issue#3504: Viewing graphs before the poller has run for the first time can produce unexpected errors
-issue#3505: When viewing graph previews, clicking Go or Refresh prevents calendars from working
-issue#3506: After successfully logging in, a user can become automatically logged out again
-issue#3507: Changes to JavaScript's Storage API cause exceptions to be thrown
-issue#3510: Only guests can actually guest only pages, logged in users are denied access incorrectly
-issue#3512: When plugins update, registered files list cannot always be updated
-issue#3520: When viewing graphs, shifting time does not work when using non-english languages
-issue#3576: LDAP Authentication succeeds, but login fails due to bad session handling
-issue#3629: Log files are not rotated properly on remote pollers
-feature#3480: Created 'custom_denied' hook to allow customisation of permission denied notifications
-feature#3498: Update js.storage.js to 1.1.0
-feature#3499: Update jstree.js to 3.3.9
-feature#3500: Update phpseclib to 2.0.27
1.2.11
-security#1566: Add SameSite support for cookies
-security#1985: Cookie should be properly verified against password
-security#3342: CSRF at Admin Email
-security#3343: Improper Access Control on disabling a user.
-security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
-issue#2265: When attempting to save Graph field, query_ifSpeed is not properly validated
-issue#2400: Allow ability to duplicate site settings
-issue#2428: Make plugins non-case sensitive for folder names, whilst allowing nicer display names
-issue#2580: When running DSSTATS, system isn't properly detecting that another is already running
-issue#2853: Discovered Devices filtering do not include snmp description or name
-issue#3231: Allow user to unlock a tree that has been locked for editing by another
-issue#3237: Report gets resent every poller cycle
-issue#3247: Language source files do not update "PO-Revision-Date" attribute
-issue#3261: Automation rules aren't run for new devices on remote data collectors
-issue#3296: Bad PHP memory limit values can result in failed upgrades
-issue#3299: When using php-snmp and setting SNMPv3, warning is now shown as library does not support it properly
-issue#3303: When installing under Windows OS, path expansion is not converted to PHP required format
-issue#3310: When using 32-bit OS, automation errors can be seen due to subnet mask calculations
-issue#3312: Console menu does not auto-expand for graph item editor page
-issue#3313: When installing, multiple issues can be seen due to bad packages
-issue#3314: Script Server has invalid debug code left in
-issue#3317: Warnings can appear from CSRF Magic library due to multiple token values being found
-issue#3319: Errors can occur upgrading from 0.8.x due to incorrectly detected data source profile id
-issue#3322: When searching for LDAP accounts, allow recursive searching
-issue#3330: Packages that are not properly formatted can cause installation issues
-issue#3334: When upgrading from 0.8.x Automation SNMP Options should be populated
-issue#3335: Unable to hide Device based Aggregate Graphs on Tree
-issue#3336: Plugins need the ability to relax some content security policies in order to work properly
-issue#3340: Undefined variable warning can appear when using 95th percentile graphs
-issue#3341: MoTranslator does not appear to be handing null values properly
-issue#3345: When attempting to refresh datetime picker, unexpected results can appear
-issue#3346: When attempting to rewrite octet strings, extra space breaks pattern matching
-issue#3348: When attempting to handle Orphans and/or Sync Graphs, results are not as expected
-issue#3349: Prevent setting the PHP variable max_input_vars since it is read only
-issue#3350: When editing a data source template, inconsistent results can be seen due to database query
-issue#3355: When viewing raw graph data via the GUI, values are not always calculated correctly
-issue#3357: Tree Search textbox resizes to 0 in some cases
-issue#3360: When using guest accounts, after several timeouts result in refreshes, guest becomes logged out
-issue#3363: The current user and user group permissions pages are not responsive
-issue#3367: When Data Queries timeout, data is removed from the Host SNMP Cache table causing issues
-issue#3368: Saving a Graph Template Item fails due to missing includes
-issue#3373: When logging in via LDAP, ActiveDirectory would sometimes report insufficient access
-issue#3375: When polling more often than default period of collecting data, distribution of collected data was not occurring
-issue#3376: Improve speed when recovering from a poller from offline state
-issue#3378: When attempting to check whether to include MoTranslator, typo makes it appear unavailable
-issue#3380: php error when trigger threshold sendmail
-issue#3386: Second data collector shows as running when its has no items to gather
-issue#3387: Minor corrections to CSRF Magic
-issue#3388: Naming of CLI programs does not always match name used within syntax usage advice
-issue#3390: Incorrect breadcrumb bar if current tab is not "Graphs"
-issue#3402: Cacti scores low on performance audit on lighthouse audit
-issue#3408: CSRF Secret path is not passed properly when attempting to initialize secret
-issue#3409: Issues with navigation link activations to other base Cacti pages
-issue#3410: Zoom looses focus in advanced mode while crossing chart border
-issue#3411: When upgrading a primary server, full synchronization is not happening as expected
-issue#3412: When upgrading a primary server, automation templates are removed
-issue#3413: When upgrading and choosing to upgrade your packages, installer finishes without package data in log
-feature#1551: Allow system uptime to be a variable for use with graphs
-feature#1990: Plugin Realm should have a 'role' to help maintain changes between plugins
-feature#2110: Add Refresh Interval to Data Collectors display
-feature#2156: Add Location based filtering
-feature#2236: Allow for Purging of Data Source Statistics from the GUI
-feature#2268: Restore ability to duplicate a data profile
-feature#2534: Enhance table navigation bars to support systems with larger number of items
-feature#2688: Increase length of Graph Item 'value' field to support pango-markup better
-feature#3304: Allow Basic Auth Accounts to be mapped by CSV file
-feature#3366: Make form elements under checkbox_groups flow using flex grid style
-feature#3374: Set the domain attribute to secure cookies for the 'remember me' option
-feature#3403: Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings
1.2.10
-security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
-issue#3240: When using User Domains, global template user is used instead of the configured domain template user
-issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
-issue#3246: When upgrading with remote collectors, sync status does not always return properly
-issue#3250: When PHP memory limit is set to -1, recommendation value fails
-issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
-issue#3254: Installer shows script owner rather than running user for suggested chown command
-issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
-issue#3269: When searching Graphs under a Chinese language, an unexpected error as sometimes shown
-issue#3274: When editing a tree, multiple device drag/drop does not work
-issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
-issue#3277: When boost does not find an initial time, numeric errors can be raised
-issue#3281: When changing Graph Template options, incorrect image format may be selected
-issue#3282: Graph's can be sized incorrectly if image is SVG format
-issue#3283: When setting a file path, valid characters not recognised properly
-issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
-issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
-issue#3289: When using CMD.PHP, poller id is not always shown properly
-issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
-issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent
-issue#3302: Editing a Graph Template does not show the Data Template name
1.2.9
-security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
-security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
-issue#2937: Devices still show in lists despite being deleted
-issue#3038: When editing an aggregate on smaller screens, layout may not be correct
-issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
-issue#3142: Chrome sets graphs tree navigation view to width 0px
-issue#3146: Unable to create aggregate graphs on new installations
-issue#3149: After refresh of page, tooltips stop working
-issue#3150: When using Time Graph View, Zooming can cause errors
-issue#3151: Passing glue string after array is deprecated in PHP 7.4
-issue#3155: Aggregate does not correctly follow color template when reordered
-issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
-issue#3157: Back button not working properly with Classic theme
-issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
-issue#3159: PHP Memory is not correctly identified when value is not in megabytes
-issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
-issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
-issue#3165: Zoom looses its focus after all graphs on page rendered
-issue#3166: When changing zoom level, graphs are resized inappropriately at the end
-issue#3167: Installer should initialize the csrf-secret.php file automatically
-issue#3168: sqltable_to_php.php script does not pick up row_format
-issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
-issue#3178: The change password page is not displaying the rules
-issue#3180: Receiving undefined index errors when working with some Data Queries
-issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
-issue#3182: When a database connection error occurs, there is no way to report actual error
-issue#3184: Improve program path detection by using system path and PHP_BINDIR
-issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
-issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
-issue#3200: Unable to mass change Graph Template image format in mass
-issue#3206: Converted aggregate graph cannot be edited
-issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
-issue#3216: When editing a Data Source Profile size is shown as 'N/A'
-issue#3224: When removing graphs by command line, regex is not properly validated when empty
-issue#3225: Unable to Import Templates due to invalid dependency hash
-issue#3226: When processing secpass login, failed logins are not recorded
-issue#3228: Login page does not remember the last realm used by user
-issue#3232: When editing HRULE and VRULE items, color selector was not presented
-issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
-issue#3235: Transient errors may occur with table poller_output_boost_arch
1.2.8
-security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
-security#3026: CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
-security#3066: When using HTTPS, secure cookie to prevent potential weakness
-issue#1228: Any tree or branch with a long name force main content off screen
-issue#2133: Long snmp_indexes are being cut off
-issue#2888: Long hostnames cause template filter to go off page
-issue#2987: Changing Color Template does not update Aggregate
-issue#2989: Allow Remote Data Collectors to maintain their own path variables
-issue#2991: Cacti Statistics device template can generate unexpected errors
-issue#2995: When editing a report, column setting may be ignored incorrectly
-issue#2996: When editing a user, graph options do not properly reflect previously saved settings
-issue#2998: Session performance issues due to excessive use for database storage
-issue#2999: Blank arguments can lead to extra spaces in script arguments
-issue#3006: Boost generates undefined variables warning during poller run
-issue#3011: i18n logging does not check write permission exists
-issue#3012: When viewing realtime graphs, some input variables are not properly checked
-issue#3013: Allow legends to be modified for Aggregate Graphs
-issue#3017: Automation network range with spaces fails validation
-issue#3019: User selected language is not always adhered to
-issue#3021: Tree view cuts off at the bottom of page on modern theme
-issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
-issue#3027: Aggregate Graph re-ordering does not work
-issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
-issue#3030: Pace continues to run even after a page is finished rendering
-issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
-issue#3035: When editing a tree, can not remove entries due to CSS bug
-issue#3037: When emptying poller output using cli, debug functions are not properly included
-issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
-issue#3040: When running automation, discovery can still run even if cancelled
-issue#3041: When running automation, scans do not always respond to being cancelled
-issue#3042: When running automation, scan can fail when selecting remote pollers
-issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
-issue#3047: When saving settings, ignore remote pollers who have not checked in recently
-issue#3050: When viewing graph trees, some input variables are not properly checked
-issue#3052: When editing CDEF's, slow database performance can occur
-issue#3053: When viewing graph thumbnails, some input variables are not properly checked
-issue#3055: During install/upgrade, database tests are not performed correctly
-issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
-issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
-issue#3061: When running automation, allow SNMP to be used as a ping method
-issue#3068: When administrating users, some input variables are not properly checked
-issue#3070: Improve database logging when a crashed table is encountered
-issue#3073: Automation network range does not always produce the correct start/end values