latest version: 1.2.14
Welcome to Cacti 1.2.13!

With this release, a number of CVEs have been addressed. We would like to take this moment to thank those who have contributed to Cacti, with special mention to:

Mayfly277
ddb4github
yingbaiibm
DavidLiedke
kim-fitness
bmfmancini
riversdev0

The Cacti Group is made up of volunteers, and all help and contributions are appreciated. Thanks to GitHub's recent Sponsors program, you can now also contribute financially to the project by using the "Sponsors" button on the GitHub Cacti repository or when visiting

We hope that you enjoy this release and that in the current unsettling climate, you are all safe and well.

Special thanks to all that have helped by contributing code and reporting issues on GitHub!

For additional details, please check out the README located on GitHub.


security#3544: jQuery XSS vulnerabilities require vendor package update (CVE-2020-11022 / CVE-2020-11023)
security#3549: Lack of escaping on some pages can lead to XSS exposure
security#3582: Update PHPMailer to 6.1.6 (CVE-2020-13625)
security#3622: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295)
security#3628: Lack of escaping on template import can lead to XSS exposure
issue#3517: When generating reports, function looping can occur resulting in 100% cpu usage
issue#3525: When viewing Graphs, zoom functionality prevents drag and drop of image
issue#3527: When using 95th Percentiles, undefined index errors can be generated
issue#3532: When using Realtime, if no graph contents are present an error is generated
issue#3533: When exporting data, Start date for RRDfile does not match start date of first data row
issue#3536: When using Navigation Menu, Show/Hide in Response mode does not always work
issue#3538: When using Realtime, race conditions between browser and function loading can occur
issue#3543: When exporting CSV data, Unicode prefix is not properly set
issue#3551: Authentication can fail when using Web Basic Authentication and Template User
issue#3553: When attempting to view an aggregate graph that does not exist, many errors are generated
issue#3563: Current orphan handling disrupts graphing transient indexes
issue#3566: Automation incorrectly attempts to use MacTrack to duplicate options
issue#3567: When Boost runs, locks are not always released properly and crash is detected
issue#3569: Invalid font results in large number of log entries
issue#3571: Correct various runtime errors due to incorrect message variables
issue#3574: Saving Graph Template Items take a long time on large systems
issue#3577: Hosts are being incorrectly filtered when first displaying with filter set to all
issue#3579: Graphs can incorrectly show as 'Empty Graph'
issue#3581: Realtime graph window is not resizing properly
issue#3588: Validation warnings are generated when viewing/editing devices
issue#3594: Automation hangs for certain schedule types
issue#3595: Template to Device sync text is not consistent
issue#3596: When importing template, resources aren't checked properly
issue#3597: Template to Device sync provides no feedback
issue#3598: When editing graphs and graph templates, back button results in broken page
issue#3599: When downgrading, templates are fully selected for install
issue#3601: When a device is down, instate can show wrong time
issue#3607: When session timeout occurs, subsequent authorized access to areas can become blocked
issue#3611: Allow CHANGELOG to be viewable from the GUI
issue#3613: When modifying trees, devices and graphs lists ignore Autocomplete Rows setting
issue#3614: When section tabs wrap, the title of the first section can become obscured
issue#3624: When previewing graphs, sometimes the images fail to appear
issue#3629: Log files are not rotated properly on remote pollers
issue#3631: Command line scripts do not allow an unlimited runtime causing timeouts
issue#3632: When mysql connection fails, various unexpected errors are recorded
issue#3635: Automate generates undefined index errors when communicating with remote pollers
issue#3639: When updating a device, duplicate entry errors occur when inserting to the database
issue#3646: Adding datasource fails from CLI due to missing function
issue#3651: Editing any item on an Aggregate Graph that has been converted to a normal graph breaks entire graph
issue#3655: Rare race condition between Boost and Poller can result in unexpected missing table errors
issue#3659: When viewing logs, unexpected 'needle' errors can be seen on rare occasions
issue#3663: Disabling a Data Collector can cause unexpected errors
issue#3668: When Input Field is in error, message reports field will be highlighted which is incorrect
issue#3669: When adding an Input Field, the Input Method can be renamed unexpectedly
issue#3673: Spikekill does not receive correct `avgnan` value when launching from GUI
issue#3676: Device not showing up in device page but showing up in Monitor tab
issue#3681: Item movement arrows do not properly align on all themes
issue#3682: When in 'Time Graph View' mode, Zoom features do not work correctly
feature#3611: Allow CHANGELOG to be viewable from the GUI
feature#3647: When adding datasource fails from CLI, created Datasource ID should be printed
feature#3666: Update jstree.js to 3.3.10
feature#3688: Update phpseclib to 2.0.28
