From: Mark Brugnoli-V. <ne...@ca...> - 2019-09-29 19:42:36
*** Release of Cacti 1.2.7 ***

Thank you to everyone who is using Cacti and especially those helping to make Cacti better!

For additional details check out the README located on GitHub.

https://github.com/Cacti/cacti/blob/develop/README.md

**IMPORTANT:** Security issue #2964 (CVE-2019-16723) was found and fixed that allowed unrestricted access to graphs via the https:<cacti>/graphs_json.php url. Whilst this page did check that a valid user was logged in, any user would be able to access any graph regardless of any defined permissions.

*** Contribute ***

Active development of Cacti is located on GitHub! Join us in making Cacti better, submit issues, fork and submit pull requests!

https://github.com/cacti/

*** Cacti Change Log ***

security#2964: CVE-2019-16723 Security issue allows to view all graphs
issue#1181: When opening the Scheduler, it may appear off screen when opened near the bottom of a window
issue#2894: When using Remote Data Collectors, database information and recommendations may show incorrect values
issue#2895: When using data sources from different RRDs, Percentile calculation may be incorrect
issue#2899: When displaying a form, variable substitution may not always work as expected
issue#2922: When running a data query, the result may come back as undefined
issue#2925: When using consolidation functions, retrieving the first step can cause errors
issue#2926: When editing a graph, variable validation errors may prevent changes from being saved
issue#2929: Boost performance may become poor even in single server mode
issue#2930: RRDtool can generate errors to standard output which can corrupt images
issue#2932: When RRDTool generates an error creating an image, it is not always reported properly
issue#2936: Installer will loop when number of tables exceeds PHP's max_input_vars limit
issue#2938: Under CentOS packages, upgrade_database.php script uses incorrect location for DB upgrade scripts
issue#2940: Images are not always properly sized until the page size changes
issue#2949: Order icons may not be properly aligned
issue#2951: Allow legends to be modified for Aggregate Graphs
issue#2958: Drop down autocomplete lists do not always open as expected
issue#2961: When syncing device templates, undefined function may be raised
issue#2963: When running ss_cpoller script, avgTime incorrectly returns maxTime
issue#2966: Realtime popup windows do not always honor settings
issue#2967: When using Spikekill, gap and range fill are not operating as expected
issue#2970: When a user edits their profile, buttons may appear as unusable whilst still being enabled
issue#2973: User menu does not always display properly on mobile devices
issue#2974: Script Server can raise unexpected warnings when 'arg_num_indexes' set but not found in data source
issue#2975: Datasource Debug does not properly handle European numbers in certain circumstances
issue#2976: Boost messages should be stored in their own log file
issue#2977: Data updates with past timestamps can cause boost errors
issue#2978: Moving hosts between data collectors is slow
issue#2979: Multi Output Fields are not parsed correctly
issue#2984: When checking SQL fields, value was not always primed
issue#2986: Selecting 'Devices' menu pick closes 'Management' menu
feature#2943: Allow all Data Queries of a device to be re-indexed at once
feature#2952: If device is down or threshold breached, highlight in tree view
feature#2985: Update phpseclib to 2.0.23

*** Reporting Issues ***

http://www.cacti.net/issues.php

*** Download Cacti ***

http://www.cacti.net/download_cacti.php

*** Download Spine ***

http://www.cacti.net/spine_download.php

Thanks!

The Cacti Group