Open thurban opened 12 months ago
The issue with this is that we are not always in control of the locations and versions of vendor packages. Therefore, what may be considered outdated on one system may be the latest available on another. Even advising this to the system admin as a suggestion for removal would potentially break things on those systems.
Feature Request
Is your feature request related to a problem? Please describe
When upgrading Cacti by overwriting the Cacti files directly from the zip/tar archive, any existing files/libraries which are not being used anymore will still exist. Examples are the old phpsnmp, phpgettext, phpmailer libraries, which have been moved from the include to the include/vendor sub-directory.
This poses a potential security issue as these libraries still exist and will not be updated to the latest version.
Describe the solution you'd like
During the Upgrade process, the installer should highlight these left-over files/directories and ask for their removal (or, if possible, remove them). A CLI and/or a Utility function on the web-interface should be available to highlight these files as well.
The Resource-Cache needs to be cleaned accordingly.
Describe alternatives you've considered
At least a notification should note that files or directories have been changed.
An alternative to an upgrade is to do a clean install in a new directory and migrate over any plugins/themes/scripts ... manually.
Additional context
Example: Cacti 1.1.28 has phpmailer 5.2.26 in the include directory; Cacti 1.2.25 has phpmailer 6.1.8 in the include/vendor sub-directory.
Upgrading Cacti 1.1.28 to Cacti 1.2.25 results in both phpmailer versions existing in different versions on different paths, with the older phpmailer not being updated anymore.
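A report-only sketch of the check requested above, added here as an example and not taken from Cacti's code: it compares an install tree with the file list of the new release archive and names the libraries that now exist both under include/ and include/vendor/. The function names, the `LOCAL_DIRS` list, the single top-level directory in the archive and the sample file names are assumptions.

```python
import os
import tarfile
import tempfile
LOCAL_DIRS = ("plugins", "scripts", "rra", "log")  # assumption: site-local, never flagged

def release_manifest(archive_path):
    """Relative paths of files in the release tarball (single top-level dir assumed)."""
    with tarfile.open(archive_path) as tar:
        return {m.name.split("/", 1)[1] for m in tar.getmembers()
                if m.isfile() and "/" in m.name}

def leftover_files(install_root, manifest, local_dirs=LOCAL_DIRS):
    """Files on disk that the new release does not ship, outside local_dirs."""
    found = []
    for dirpath, _dirs, files in os.walk(install_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), install_root).replace(os.sep, "/")
            if rel.split("/", 1)[0] not in local_dirs and rel not in manifest:
                found.append(rel)
    return sorted(found)

def superseded_libraries(leftovers, manifest):
    """Leftover include/<lib> whose library now ships under include/vendor/<lib>."""
    vendored = {p.split("/")[2] for p in manifest
                if p.startswith("include/vendor/") and p.count("/") >= 3}
    old = {p.split("/")[1] for p in leftovers
           if p.startswith("include/") and p.count("/") >= 2}
    return sorted(old & vendored)

def demo():  # constructed sample: a site overwritten in place by a newer release
    with tempfile.TemporaryDirectory() as tmp:
        def touch(rel):
            path = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        for rel in ("index.php", "include/vendor/phpmailer/src/PHPMailer.php"):
            touch("release/cacti/" + rel)   # shipped by the new release
            touch("site/" + rel)            # and overwritten into the site
        touch("site/include/phpmailer/class.phpmailer.php")  # left from the old version
        touch("site/plugins/thold/setup.php")                # local plugin, ignored
        archive = os.path.join(tmp, "release.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(os.path.join(tmp, "release", "cacti"), arcname="cacti")
        manifest = release_manifest(archive)
        left = leftover_files(os.path.join(tmp, "site"), manifest)
        return left, superseded_libraries(left, manifest)

if __name__ == "__main__":
    print(demo())
```

The script only lists candidates; whether a flagged path is safe to remove on a given system is left to the administrator.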