When upgrading Cacti deprecated/removed libraries and files still exist #5588

Open
thurban opened this issue Nov 20, 2023 · 1 comment
Labels
enhancement General tag for an enhancement

thurban commented Nov 20, 2023

Feature Request

Is your feature request related to a problem? Please describe

When upgrading Cacti by overwriting the Cacti files directly from the zip/tar archive, any existing files/libraries, which are not being used anymore, will still exist. Examples are the old phpsnmp, phpgettext, phpmailer libraries, which have been moved from the include to the include/vendor sub-directory.
This poses a potential security issue as these libraries still exist and will not be updated to the latest version.

Describe the solution you'd like

During the Upgrade process, the installer should highlight these left-over files/directories and ask for their removal (or if possible remove them). A CLI and/or a Utility function on the web-interface should be available to highlight these files as well.

The Resource-Cache needs to be cleaned accordingly.

Describe alternatives you've considered

At least a notification should note that files or directories have been changed.

An alternative to an upgrade is to do a clean install in a new directory and migrate over any plugins/themes/scripts ... manually.

Additional context

Example:
Cacti 1.1.28 has phpmailer 5.2.26 in the include directory
Cacti 1.2.25 has phpmailer 6.1.8 in the include/vendor sub-directory.

Upgrading Cacti 1.1.28 to Cacti 1.2.25 results in both phpmailer versions existing in different versions on different paths, with the older phpmailer not being updated anymore.

netniV commented Nov 27, 2023

The issue with this is that we are not always in control of the locations and versions of vendor packages. Therefore, what may be considered outdated on one system may be the latest available on another. Even advising this to the system admin as a suggestion for removal would potentially break things on those systems.
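
One way to produce the report the request asks for, as an added example that is not part of the thread and not Cacti's own code: compare the upgraded install tree with the file list of the release archive and list files the release no longer ships. `LOCAL_DIRS`, the function names and the sample layout are assumptions; the script only reports and skips symlinks, since vendor packages may be managed outside Cacti as the reply notes.

```python
import os
import tarfile
import tempfile
from pathlib import Path, PurePosixPath

# Assumption: top-level directories holding site-specific content (plugins,
# RRD data, logs) that no release archive describes; adjust per installation.
LOCAL_DIRS = {"plugins", "rra", "log"}

def release_manifest(archive):
    """Relative paths of all regular files in the release tarball (top folder stripped)."""
    with tarfile.open(archive) as tar:
        names = (PurePosixPath(m.name).parts[1:] for m in tar if m.isfile())
        return {"/".join(parts) for parts in names if parts}

def find_leftovers(root, manifest, local_dirs=LOCAL_DIRS):
    """Report installed files missing from the manifest. Nothing is deleted."""
    leftovers = []
    for dirpath, dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        rel_dir = Path(dirpath).relative_to(root)
        if rel_dir == Path("."):
            # Prune site-specific directories at the top level only.
            dirnames[:] = [d for d in dirnames if d not in local_dirs]
        for name in filenames:
            path = Path(dirpath, name)
            rel = (rel_dir / name).as_posix()
            # Symlinked files may point at distribution-managed packages: skip them.
            if not path.is_symlink() and rel not in manifest:
                leftovers.append(rel)
    return sorted(leftovers)

def demo():
    """Constructed sample: an old tree overwritten in place by a newer release archive."""
    with tempfile.TemporaryDirectory() as tmp:
        release = Path(tmp, "cacti-new")   # constructed release content
        install = Path(tmp, "install")     # constructed upgraded install
        new_files = ["index.php", "include/vendor/phpmailer/lib.php"]
        old_only = ["include/phpmailer/lib.php", "plugins/local/setup.php"]
        for base, files in ((release, new_files), (install, new_files + old_only)):
            for rel in files:
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text("<?php // constructed placeholder\n")
        archive = Path(tmp, "release.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(release, arcname="cacti-new")
        return find_leftovers(install, release_manifest(archive))

if __name__ == "__main__":
    print("\n".join(demo()))  # candidates for review, not for automatic removal
```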
