GLPI is NOT affected by the Log4j vulnerability CVE-2021-44228

 

 

A newly revealed critical vulnerability impacting Apache Log4j was disclosed and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.

We would like to assure all users that GLPI core and its plugins, being written in PHP and not using Log4j, are not affected by the Log4Shell vulnerability.

Exploiting this vulnerability requires a Java Virtual Machine and the org.apache.logging.log4j.core.lookup.JndiLookup Java class in a vulnerable version. None of them are included or used in GLPI distributions.

We can also confirm that:

  • GLPI Android Agent (writen in Java), doesn’t use Log4j library, and thus is not affected by the Log4Shell vulnerability
  • GLPI Agent (writen in Perl), is not affected by the Log4Shell vulnerability

Warning: this does not prevent layers/tools potentially upstream of GLPI (reverse-proxy, firewall, etc.), or connected to GLPI, which we are not aware of in your context, from being potentially impacted.

For example, if you have a Metabase server connected to GLPI you should note that Metabase (<0.41.4) is affected by Log4j vulnerability, and you should update it ASAP!

Documentation:

NEW SILVER PARTNER IN FRANCE: PROCSI

 

Procsi is an Information System Integrator and Operator. It is a small, strong structure started by a group of experienced professionals, with references from small to large companies, operating in fields:

AUDIT & CONSULTING: IS strategy, security, project management, ITSM;
IT MANAGEMENT: management of computers, servers, networks, telephony;
INTEGRATION: business software, ITIL tools, processes;
TELEPHONY: network infrastructure, VoIP network security, SBC.

Website: https://www.procsi.fr/ 

We are proud that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: click here.

Being a partner means having an a direct access to the Teclib´s technical database, new releases, official support and many other tools which will help you to gain more customers and increase reputation on the market. Find out all benefits of being a partner sending us an email: click here.

Check the list of our partners: https://glpi-project.org/partners/ 

Formcreator 2.12.0 beta: translatable forms!

 

 

Formcreator plugin for GLPI is a plugin which allows to create custom forms of easy access. Using Formcreator in GLPI you can offer your users alternative way of ticket creation. All forms are completely translatable and wide selection of fields types is available. Today we are happy to announce the release of Formcreator plugin version 2.12.0 beta:

Meet the new feature: translatable forms! Now you can translate any form to any language without having to duplicate it. We have prepared the video to showcase the feature:

If you use anonymous forms, the plugin detects the language of the browser and attempts to use the suitable translation (if available).

Download beta version here: click here

Reasons to migrate to GLPI Network Cloud!

 

 

Using GLPI on-premises? Do you want to try GLPI with all exclusive plugins and support package included? We offer free data migration, so you can test the platform in a production mode.

Here is why you have to give it a try:

Security:

All GLPI Network Cloud instances includes Support L.3 and covered by Teclib guarantee.

Speed of implementation​:

You do not have to make the initial installation, GLPI Network Cloud is already setup, just create your account and start parameterization.

Service:

Updates and backups are included to our offer, no need to worry about data loss anymore!

Functionality:

Use all exclusive GLPI plugins to enhance your experience: Branding to customize your instance, AdvancedDashboards to build your own reports, Oauthsso to login via third party providers like Facebook or Azure, etc.

Scalability:

Your team is growing? With monthly payments you can add as many agents as you need. Our payment system aslo allows to end service any time you want. Consult our Privacy Policy here: https://www.glpi-network.cloud/privacy-policies.php 

Start your free trial here: click

Formcreator 2.11.4: add objects created by Generic Object to forms.

 

 

Formcreator plugin for GLPI is a plugin which allows to create custom forms of easy access. Using Formcreator in GLPI you can offer your users alternative way of ticket creation. All forms are completely translatable and wide selection of fields types is available. Today we are happy to announce the release of Formcreator plugin version 2.11.4.

Bug Fixes

  • dropdownfield,glpiselectfield: entity recursivity regression
  • form: compatibility with themes
  • ldapselectfield: compatibility with PHP 8
  • selectfield: regex comparison
  • selectfield,cheeckboxesfield: too much escaping

Features

  • glpiselectfield: hook to allow plugins to declare their itemtypes

How does it work? The new feature allows to use in Formcreator new types of objects created by Generic Object plugin.

What is Generic Object plugin? This plugin allows you to add new inventory objects types, integrated into GLPI framework. Let´s see:

Download the release: click here or try it on GPI Network Cloud   
Important! You must use the latest version of Generic Object plugin (2.11.0) as well. Download it here.

Check our “how-to” video with step by step process: