Important Security Fixes
- CVE-2013-5588 - XSS issue via installer or device editing
- CVE-2013-5589 - SQL injection vulnerability in device editing
- CVE-2014-2326 - XSS issue via CDEF editing
- CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
- CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
- CVE-2014-4002 - XSS issues in multiple files
- CVE-2014-5025 - XSS issue via data source editing
- CVE-2014-5026 - XSS issues in multiple files
Important Updates
- New graph tree view
- Updated graph list and graph preview
- Refactor graph tree view to remove GPL incompatible code
- Updated command line database upgrade utility
- Graph zooming now from everywhere
- bug: Fixed issue with custom data source information being lost when
saved from edit
- bug: Repopulate the poller cache on new installations
- bug: Fix issue with poller not escaping the script query path correctly
- bug: Allow snmpv3 priv proto none
- bug: Fix issue where host activate may flush the entire poller item
cache
- security: SQL injection and shell escaping issues
Also add the fix for the security vulnerability reported in SA54531
taken from the SVN repository.
information to create graphs and populates them with data in a MySQL
database. The frontend is completely PHP driven. Along with being able
to maintain Graphs, Data Sources, and Round Robin Archives in a
database, cacti handles the data gathering also. There is also SNMP
support for those used to creating traffic graphs with MRTG.
The Plugin Architecture for Cacti was designed to be both simple in nature
and robust enough to allow freedom to do almost anything in Cacti. The
Plugin Architecture for Cacti is integrated into this package.
(created from wip/cacti by pettai)