This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You can download the GLPI 10.0.2 archive on GitHub. Exceptionally, as we have a critical security issue on an unauthenticated page, we also release a GLPI 9.5.8 archive.
You’ll find below the list of security issues fixed in this bugfixes version:
Unauthenticated SQL injection on login page (CVE-2022-31061)
SQL injection on actor part in assistance forms (CVE-2022-31056)
Unauthenticated Sensitive Data Exposure on Refused Inventory Files (CVE-2022-31068)
Also, here is a short list of important bugfixes done in this version:
FIX adding actors to ITIL Objects (#11796, #11957)
FIX unwanted “promote to ticket” feature on self-service interface (#11834)
FIX native inventory do not inject switch information (#11864)
We are happy to announce our new silver partner in Cameroon – AVS Telecom.
A.V.S Telecom SARL Telecom is a company specialized in the field of Information and Communication Technologies offering to all of its customers a wide range of ICT solutions including various collaborative services such as telephony over IP and videoconferencing, security services such as video surveillance and network security.
A.V.S Telecom SARL’s mission is to offer its SME/SMI customers a wide range of innovative, reliable and complete IT services for its IT equipment. These services, adapted to SMEs/SMIs, are usually offered to large companies. They therefore make it possible to develop, at a lower cost, secure computer network infrastructures helping them to optimize their performance at all levels.
We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/
Being a partner means:
Having an a direct access to the Teclib´s tech expertise;
Get special discounts;
Access official support,
Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.
We are looking for a researcher interested in working on a PhD thesis in computer science that consist in studying fundamental and practical issues in designing a system that will match machines inside an IT system with vulnerabilities affecting software installed on these machines, in order to signal to system administrators the vulnerability level and the need to protect or update each machine.
What is the duration of the intership?: 3 years, Starting September 2022.
Where will it take place?: Thesis will take place mainly at INRIA-Rennes site (Beaulieu scientific campus), inside the DiverSE team, and also inside Teclib (Caen,…).
Which is the profile we are looking for?: A person with:
Master in computer science or equivalent.
Good knowledge in development and software engineering.
Good level in english.
Curiosity, motivation, autonomy, ability to work inside a team, abstraction capabilities, programming ability, interest for open source.
Knowledge in automatic classification and machine learning is appreciated.
This release includes some fixes and enhancements. Here are the most important ones:
we implemented a feature request from the community to support SSL server certificate of the GLPI server deployment with operating system deployment feature:
on windows, the glpi server certificate can be deployed through the enterprise keystore,
on macosx, the glpi server certificate can be deployed in system keychain through a MDM.
we added the support of the new ‘ssl-fingerprint’ option and it permits to trust a GLPI server certificate without the need of deploying a certificate:
you can first enable one time the ‘no-ssl-check’ option on one agent to find the related ssl fingerprint reported in agent log,
then you can set the discovered value for all your agents and disable ‘no-ssl-check’ on the first one.
the windows MSI packaging is now using Perl 5.36.0 and includes some fixes and improvements:
as it was wrongly creating firewall rules, this is fixed and wrong rules are removed,
few libraries was missing if you wanted to use SNMPv3 authentication during network discovery or inventory,
the installer was failing to create the windows task when you wanted to use windows task scheduling,
few configurations was not possible during silent installation.
the MacOSX packages has been upgraded to use Perl 5.36.0, OpenSSL 3.0.3 & zlib 1.2.12 and the installation on APFS filesystem has also been fixed.
for linux packaging, we have also few big improvements:
AppImage support for older linux like CentOS 7,
AppImage uninstallation process has been improved,
Snap packaging has been upgraded to use Perl 5.36.0,
perl linux installer has been enhanced to support installation on openSUSE.
For inventory task, we integrated:
a patch from the community which can fix monitor inventory on linux,
an Oracle database inventory support update,
an update to avoid false positive antivirus alert during software inventory on windows,
a fix on JSON format support to avoid wrongly encoded strings on macosx,
a fix against a JSON validation error while monitor serial is an integer,
a fix on generated partial inventory as the ‘partial’ property was missing,
an update for additional-content option support while using JSON format.
RemoteInventory task has been improved so remote ssh inventory of linux/unix platforms can fallback on ssh command calls when libssh2 is not available.
Netdiscovery and NetInventory tasks now includes a module from the community which enhances DefensePro support.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
