From f8893bf6aaa91daccf83e3bf5edfe77d715053a1 Mon Sep 17 00:00:00 2001 From: netniV Date: Mon, 29 Apr 2024 00:32:18 +0000 Subject: [PATCH] Prepare for 1.2.27 --- CHANGELOG | 63 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f84ef6a3b6..413a93211d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,35 +1,44 @@ Cacti CHANGELOG 1.2.27 --issue#5622: Errors and deprecation warnings with PHP 8.3.0 --issue#5628: Argument '--with-profile' is a invalid arg of cli/import_package.php --issue#5629: auth_changepassword.php cannot return to the refer url by just clicking the "Return" button once --issue#5636: Cacti 1.2.26 error on LDAP authentication the first time --issue#5638: Add tooltip info about IPv6 address --issue#5645: Boost poller fail to update rrd which Data Template and Graph Template items do not match --issue#5648: Fractional time offsets can cause huge webserver error-logs --issue#5649: Inapprorpiate use of PHP_OS in lib/ping.php on Windows Platform --issue#5655: Function get_allowed_devices can returns incorrect device list if session user_id variable is not set --issue#5660: Warning about unknown system hash during the update --issue#5661: On Linux and *NIX variants Cacti is unable to find ping6 as it's not in the path --issue#5662: installer - Undefined array key "name" warning in php8 --issue#5669: System Utilities show incorrect System Memory if memory is larger than 1k --issue#5677: Compatibility improvements for Spikekill under PHP 8.x --issue#5693: Fix Spikekill not following correct time in schedule, Improve PHP 8.3 in spikekill process --issue#5696: When inputting Chinese to search for graphics, garbled characters appear. --issue#5701: Bad URL formating in the templates_import.php preview mode --issue#5720: mysql.time_zone_name table DB check isn't being made on Remote Poller installation --issue#5723: Remote Poller installation is finished successfully but no "finish" button --issue#5725: Remote Agent is not recording not authorized agent in log --issue#5726: Poller cache is not updating when changing hostname --issue#5727: Incorrect values status_fail_date and status_rec_date with cmd poller --issue#5731: After Marking a Tree for Editing - Saving the Tree Unpublishes the Tree --issue#5732: Web Basic Authentication does not log user logins +-security#GHSA-37x7-mfjv-mm7m: Authentication Bypass when using using older password hashes +-security#GHSA-7cmj-g5qc-pj88: RCE vulnerability when importing packages +-security#GHSA-cx8g-hvq8-p2rv: RCE vulnerability when plugins include files +-security#GHSA-gj3f-p326-gh8r: SQL Injection vulnerability when using tree rules through Automation API +-security#GHSA-grj5-8fcj-34gh: XSS vulnerability when using JavaScript based messaging API +-security#GHSA-jrxg-8wh8-943x: SQL Injection vulnerability when using form templates +-security#GHSA-p4ch-7hjw-6m87: XSS vulnerability when reading tree rules with Automation API +-security#GHSA-rqc8-78cm-85j3: XSS vulnerability when managing data queries +-security#GHSA-vjph-r677-6pcc: SQL Injection vulnerability when retrieving graphs using Automation API +-issue#5622: Improve PHP 8.3 support +-issue#5628: When importing packages via command line, data source profile could not be selected +-issue#5629: When changing password, returning to previous page does not always work +-issue#5636: When using LDAP authentication the first time, warnings may appear in logs +-issue#5638: When editing/viewing devices, add IPv6 info to hostname tooltip +-issue#5645: Improve speed of polling when Boost is enabled +-issue#5648: Improve support for Half-Hour time zones +-issue#5649: Improve support of ping on Windows +-issue#5655: When user session not found, device lists can be incorrectly returned +-issue#5660: On import, legacy templates may generate warnings +-issue#5661: Improve support for alternate locations of Ping +-issue#5662: Improve PHP 8.1 support for Installer +-issue#5669: Fix issues with number formatting +-issue#5677: Improve PHP 8.1 support when SpikeKill is run first time +-issue#5693: Improve PHP 8.1 support for SpikeKill +-issue#5696: When using Chinese to search for graphics, garbled characters appear. +-issue#5701: When importing templates, preview mode will not always load +-issue#5720: When remote poller is installed, MySQL TimeZone DB checks are not performed +-issue#5723: When Remote Poller installation completes, no finish button is shown +-issue#5725: Unauthorized agents should be recorded into logs +-issue#5726: Poller cache may not always update if hostname changes +-issue#5727: When using CMD poller, Failure and Recovery dates may have incorrect values +-issue#5731: Saving a Tree can cause the tree to become unpublished +-issue#5732: Web Basic Authentication does not record user logins -issue#5733: When using Accent-based languages, translations may not work properly --feature#5692: Add a "device enabled/disabled" indicator next to the graphs +-feature#5692: Add a device "enabled/disabled" indicator next to the graphs -feature#5710: Notify the admin periodically when a remote data collector goes into heartbeat status --feature#5716: Add Aruba Clearpass template --feature#5730: Enable a way to view which Device Templates are using which Graph Templates +-feature#5716: Add template for Aruba Clearpass +-feature#5730: Add fliter/sort of Device Templates by Graph Templates 1.2.26 -security#GHSA-xwqc-7jc4-xm73: XSS vulnerability when importing a template file