This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.26:
- Fix: Errors when uptime OID is not present
- Fix: MySQL reconnect option is depreciated
- Fix: Spine does not check a host with no poller items
- Fix: Poller may report the wrong number of devices polled
- Feature: Allow users to override the threads setting at the command line
- Feature: Allow spine to run in ping-only mode
cacti 1.2.26:
- CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
- CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
- CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
- CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
- CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
- CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
- When viewing data sources, an undefined variable error may be seen
- Improvements for Poller Last Run Date
- Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
- Improve PHP 8.1 support when adding devices
- Viewing Data Query Cache can cause errors to be logged
- Preserve option is not properly honoured when removing devices at command line
- Infinite recursion is possible during a database failure
- Monitoring Host CPU's does not always work on Windows endpoints
- Multi select drop down list box not rendered correctly in Chrome and Edge
- Selective Plugin Debugging may not always work as intended
- During upgrades, Plugins may be falsely reported as incompatible
- Plugin management at command line does not work with multiple plugins
- Improve PHP 8.1 support for incrementing only numbers
- Allow the renaming of guest and template accounts
- DS Stats issues warnings when the RRDfile has not been initialized
- When upgrading, missing data source profile can cause errors to be logged
- When deleting a single...