Subject: CVS commit: pkgsrc/net/cacti
From: Makoto Fujiwara
Date: 2020-04-21 15:55:22
Message id: 20200421135522.5244BFB27@cvs.NetBSD.org

Log Message:
(net/cacti) Updated 1.2.7 to 1.2.11

1.2.11
-security#1566: Add SameSite support for cookies
-security#1985: Cookie should be properly verified against password
-security#3342: CSRF at Admin Email
-security#3343: Improper Access Control on disabling a user.
-security#3414: Update to jQuery 3.4.1 to resolve XSS issues with jQuery 3.3.1
-issue#2265: When attempting to save Graph field, query_ifSpeed is not properly validated
-issue#2400: Allow ability to duplicate site settings
-issue#2428: Make plugins non-case sensitive for folder names, whilst allowing nicer display names
-issue#2580: When running DSSTATS, system isn't properly detecting that another is already running
-issue#2853: Discovered Devices filtering do not include snmp description or name
-issue#3231: Allow user to unlock a tree that has been locked for editing by another
-issue#3237: Report gets resent every poller cycle
-issue#3247: Language source files do not update "PO-Revision-Date" attribute
-issue#3261: Automation rules aren't run for new devices on remote data collectors
-issue#3296: Bad PHP memory limit values can result in failed upgrades
-issue#3299: When using php-snmp and setting SNMPv3, warning is now shown as library does not support it properly
-issue#3303: When installing under Windows OS, path expansion is not converted to PHP required format
-issue#3310: When using 32-bit OS, automation errors can be seen due to subnet mask calculations
-issue#3312: Console menu does not auto-expand for graph item editor page
-issue#3313: When installing, multiple issues can be seen due to bad packages
-issue#3314: Script Server has invalid debug code left in
-issue#3317: Warnings can appear from CSRF Magic library due to multiple token values being found
-issue#3319: Errors can occur upgrading from 0.8.x due to incorrectly detected data source profile id
-issue#3322: When searching for LDAP accounts, allow recursive searching
-issue#3330: Packages that are not properly formatted can cause installation issues
-issue#3334: When upgrading from 0.8.x Automation SNMP Options should be populated
-issue#3335: Unable to hide Device based Aggregate Graphs on Tree
-issue#3336: Plugins need the ability to relax some content security policies in order to work properly
-issue#3340: Undefined variable warning can appear when using 95th percentile graphs
-issue#3341: MoTranslator does not appear to be handling null values properly
-issue#3345: When attempting to refresh datetime picker, unexpected results can appear
-issue#3346: When attempting to rewrite octet strings, extra space breaks pattern matching
-issue#3348: When attempting to handle Orphans and/or Sync Graphs, results are not as expected
-issue#3349: Prevent setting the PHP variable max_input_vars since it is read only
-issue#3350: When editing a data source template, inconsistent results can be seen due to database query
-issue#3355: When viewing raw graph data via the GUI, values are not always calculated correctly
-issue#3357: Tree Search textbox resizes to 0 in some cases
-issue#3360: When using guest accounts, after several timeouts result in refreshes, guest becomes logged out
-issue#3363: The current user and user group permissions pages are not responsive
-issue#3367: When Data Queries timeout, data is removed from the Host SNMP Cache table causing issues
-issue#3368: Saving a Graph Template Item fails due to missing includes
-issue#3373: When logging in via LDAP, ActiveDirectory would sometimes report insufficient access
-issue#3375: When polling more often than default period of collecting data, distribution of collected data was not occurring
-issue#3376: Improve speed when recovering from a poller from offline state
-issue#3378: When attempting to check whether to include MoTranslator, typo makes it appear unavailable
-issue#3380: php error when trigger threshold sendmail
-issue#3386: Second data collector shows as running when it has no items to gather
-issue#3387: Minor corrections to CSRF Magic
-issue#3388: Naming of CLI programs does not always match name used within syntax usage advice
-issue#3390: Incorrect breadcrumb bar if current tab is not "Graphs"
-issue#3402: Cacti scores low on performance audit on lighthouse audit
-issue#3408: CSRF Secret path is not passed properly when attempting to initialize secret
-issue#3409: Issues with navigation link activations to other base Cacti pages
-issue#3410: Zoom loses focus in advanced mode while crossing chart border
-issue#3411: When upgrading a primary server, full synchronization is not happening as expected
-issue#3412: When upgrading a primary server, automation templates are removed
-issue#3413: When upgrading and choosing to upgrade your packages, installer finishes without package data in log
-feature#1551: Allow system uptime to be a variable for use with graphs
-feature#1990: Plugin Realm should have a 'role' to help maintain changes between plugins
-feature#2110: Add Refresh Interval to Data Collectors display
-feature#2156: Add Location based filtering
-feature#2236: Allow for Purging of Data Source Statistics from the GUI
-feature#2268: Restore ability to duplicate a data profile
-feature#2534: Enhance table navigation bars to support systems with larger number of items
-feature#2688: Increase length of Graph Item 'value' field to support pango-markup better
-feature#3304: Allow Basic Auth Accounts to be mapped by CSV file
-feature#3366: Make form elements under checkbox_groups flow using flex grid style
-feature#3374: Set the domain attribute to secure cookies for the 'remember me' option
-feature#3403: Enhance the "Graph Debug Mode" to display RRDtool Command lengths and excess warnings

1.2.10
-security#3285: When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813)
-issue#3240: When using User Domains, global template user is used instead of the configured domain template user
-issue#3245: Unix timestamps after Sep 13 2020 are rejected as graph start/end arguments
-issue#3246: When upgrading with remote collectors, sync status does not always return properly
-issue#3250: When PHP memory limit is set to -1, recommendation value fails
-issue#3253: Upgrade can stall when checking permissions on csrf-secret.php
-issue#3254: Installer shows script owner rather than running user for suggested chown command
-issue#3266: When setting User Groups to 'Defer to the User', setting can lead to user being told they have no permissions
-issue#3269: When searching Graphs under a Chinese language, an unexpected error is sometimes shown
-issue#3274: When editing a tree, multiple device drag/drop does not work
-issue#3276: When spine aborts, script server can be left wanting or generating unnecessary logs
-issue#3277: When boost does not find an initial time, numeric errors can be raised
-issue#3281: When changing Graph Template options, incorrect image format may be selected
-issue#3282: Graphs can be sized incorrectly if image is SVG format
-issue#3283: When setting a file path, valid characters not recognised properly
-issue#3287: When using graph template 'Cacti Stats - User Logins', an incorrect count of invalid users can be seen
-issue#3288: When on Device page, pressing 'Go' on the filter caused Device New menu pick to appear
-issue#3289: When using CMD.PHP, poller id is not always shown properly
-issue#3290: When using CMD.PHP, inconsistent device logging levels may occur
-issue#3298: When initialising fields in JavaScript, text/textarea elements have width set to zero if it is hidden by parent
-issue#3302: Editing a Graph Template does not show the Data Template name

1.2.9
-security#3191: Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106)
-security#3201: Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237)
-issue#2937: Devices still show in lists despite being deleted
-issue#3038: When editing an aggregate on smaller screens, layout may not be correct
-issue#3136: Upgrade may fail between 1.2.7 and 1.2.8 if incompatible database format used
-issue#3142: Chrome sets graphs tree navigation view to width 0px
-issue#3146: Unable to create aggregate graphs on new installations
-issue#3149: After refresh of page, tooltips stop working
-issue#3150: When using Time Graph View, Zooming can cause errors
-issue#3151: Passing glue string after array is deprecated in PHP 7.4
-issue#3155: Aggregate does not correctly follow color template when reordered
-issue#3156: On new installs, gprint_format was missing from table aggregate_graphs
-issue#3157: Back button not working properly with Classic theme
-issue#3158: Classic theme show only 3 tabs on mobile device. Don't show Console menu
-issue#3159: PHP Memory is not correctly identified when value is not in megabytes
-issue#3161: When the poller_output_boost table is missing, recreate it before a poller run
-issue#3163: When using RPMlint, Free Software Foundation address is shown to be incorrect
-issue#3165: Zoom loses its focus after all graphs on page rendered
-issue#3166: When changing zoom level, graphs are resized inappropriately at the end
-issue#3167: Installer should initialize the csrf-secret.php file automatically
-issue#3168: sqltable_to_php.php script does not pick up row_format
-issue#3177: Remove legacy plugin hook that presents potential 3rd party security issues
-issue#3178: The change password page is not displaying the rules
-issue#3180: Receiving undefined index errors when working with some Data Queries
-issue#3181: When configuration file is unreadable, Cacti shows database connection errors if non defaults are needed
-issue#3182: When a database connection error occurs, there is no way to report actual error
-issue#3184: Improve program path detection by using system path and PHP_BINDIR
-issue#3193: Starting with MySQL 5.7 some sql_mode variables are required for some plugins
-issue#3196: Minimize use of eval() in JavaScript due to emerging Content-Security-Context guidelines
-issue#3200: Unable to mass change Graph Template image format in mass
-issue#3206: Converted aggregate graph cannot be edited
-issue#3209: Error occurs when Creating New Graphs through Automatically Added Devices using Sync Device Template
-issue#3216: When editing a Data Source Profile size is shown as 'N/A'
-issue#3224: When removing graphs by command line, regex is not properly validated when empty
-issue#3225: Unable to Import Templates due to invalid dependency hash
-issue#3226: When processing secpass login, failed logins are not recorded
-issue#3228: Login page does not remember the last realm used by user
-issue#3232: When editing HRULE and VRULE items, color selector was not presented
-issue#3233: When working with non-templated graphs, it can be difficult to determine what items represent
-issue#3235: Transient errors may occur with table poller_output_boost_arch

1.2.8
-security#3025: CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
-security#3026: CVE-2019-17358 When deserializing data, ensure basic sanitization has been performed
-security#3066: When using HTTPS, secure cookie to prevent potential weakness
-issue#1228: Any tree or branch with a long name force main content off screen
-issue#2133: Long snmp_indexes are being cut off
-issue#2888: Long hostnames cause template filter to go off page
-issue#2987: Changing Color Template does not update Aggregate
-issue#2989: Allow Remote Data Collectors to maintain their own path variables
-issue#2991: Cacti Statistics device template can generate unexpected errors
-issue#2995: When editing a report, column setting may be ignored incorrectly
-issue#2996: When editing a user, graph options do not properly reflect previously saved settings
-issue#2998: Session performance issues due to excessive use for database storage
-issue#2999: Blank arguments can lead to extra spaces in script arguments
-issue#3006: Boost generates undefined variables warning during poller run
-issue#3011: i18n logging does not check write permission exists
-issue#3012: When viewing realtime graphs, some input variables are not properly checked
-issue#3013: Allow legends to be modified for Aggregate Graphs
-issue#3017: Automation network range with spaces fails validation
-issue#3019: User selected language is not always adhered to
-issue#3021: Tree view cuts off at the bottom of page on modern theme
-issue#3023: When clicking highlighted tab, side panel is not always shown/hidden correctly
-issue#3027: Aggregate Graph re-ordering does not work
-issue#3028: When zooming a graph, unable to reach edge of graph without losing focus
-issue#3030: Pace continues to run even after a page is finished rendering
-issue#3032: Graphs may select MAX instead of AVERAGE as consolidation function even if there is no item with MAX present.
-issue#3035: When editing a tree, can not remove entries due to CSS bug
-issue#3037: When emptying poller output using cli, debug functions are not properly included
-issue#3039: Allow packagers to be able to specify an alternate location of csrf-secret.php file
-issue#3040: When running automation, discovery can still run even if cancelled
-issue#3041: When running automation, scans do not always respond to being cancelled
-issue#3042: When running automation, scan can fail when selecting remote pollers
-issue#3045: When viewing Aggregate Graphs, an error due to undefined referrer may occur
-issue#3047: When saving settings, ignore remote pollers who have not checked in recently
-issue#3050: When viewing graph trees, some input variables are not properly checked
-issue#3052: When editing CDEF's, slow database performance can occur
-issue#3053: When viewing graph thumbnails, some input variables are not properly checked
-issue#3055: During install/upgrade, database tests are not performed correctly
-issue#3059: When using nth_percentile, correct value is not always returned if using MAX consolidation
-issue#3060: When upgrading from older MySQL databases, format is not changed from compact to dynamic
-issue#3061: When running automation, allow SNMP to be used as a ping method
-issue#3068: When administrating users, some input variables are not properly checked
-issue#3070: Improve database logging when a crashed table is encountered
-issue#3073: Automation network range does not always produce the correct start/end values
-issue#3078: When viewing graph debug from remote data collector, File Not Found warnings can appear incorrectly
-issue#3079: Allow domain names to be stripped from a device's long description
-issue#3080: Remote Agent throws warnings that graph_nolegend has not been sanitized
-issue#3085: When editing a poller, ensure each listening IP is unique
-issue#3081: External Links are not showing a glyph when they appear on the Console menu
-issue#3089: When viewing graphs in realtime, undefined variable can be logged for 95th Percentile graphs
-issue#3099: Graph template 'Linux - Memory Usage' has the wrong unit on its vertical_label
-issue#3101: Polling times can be slightly inconsistent due
-issue#3104: When viewing graphs, a byref error can be seen in the error logs
-issue#3105: When viewing hosts, some input variables are not properly checked
-issue#3111: When adding devices via command line, bad SNMP versions are not reported
-issue#3112: When zooming on Graphs, too many requests are being made causing slowness
-issue#3114: Support for USB devices that change name due to their hosts restarting
-issue#3118: When converting tables, the dynamic row format should be selected
-issue#3119: Main Data Collector should perform a Full Sync whenever it is installed/upgraded
-issue#3120: Correct issues causing incompatibility with PHP 7.4
-issue#3121: When converting tables during install, show what will be changed
-issue#3123: Named colors table is not properly imported/upgraded
-issue#3124: When a second data collector is added, boost is not enabled automatically
-issue#3128: i18n handler checks for existence of wrong mo file
-issue#3129: Logout repeatedly occurs even when already logged out
-issue#3132: Installer fails to continue if automation range is array of networks
-issue#3098: Support percent sign(%) in graph gprint item like legend area.
-feature#3077: Allow disabling remote poller resource cache replication to support upgrade testing

Files:
Revision  Action  file
1.47      modify  pkgsrc/net/cacti/Makefile
1.11      modify  pkgsrc/net/cacti/PLIST
1.12      modify  pkgsrc/net/cacti/distinfo
1.3       modify  pkgsrc/net/cacti/patches/patch-install_functions.php