A newly revealed critical vulnerability impacting Apache Log4j was disclosed and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.
We would like to assure all users that GLPI core and its plugins, being written in PHP and not using Log4j, are not affected by the Log4Shell vulnerability.
Exploiting this vulnerability requires a Java Virtual Machine and the org.apache.logging.log4j.core.lookup.JndiLookup Java class in a vulnerable version. None of them are included or used in GLPI distributions.
We can also confirm that:
GLPI Android Agent (writen in Java), doesn’t use Log4j library, and thus is not affected by the Log4Shell vulnerability
GLPI Agent (writen in Perl), is not affected by the Log4Shell vulnerability
Warning: this does not prevent layers/tools potentially upstream of GLPI (reverse-proxy, firewall, etc.), or connected to GLPI, which we are not aware of in your context, from being potentially impacted.
For example, if you have a Metabase server connected to GLPI you should note that Metabase (<0.41.4) is affected by Log4j vulnerability, and you should update it ASAP!
Procsi is an Information System Integrator and Operator. It is a small, strong structure started by a group of experienced professionals, with references from small to large companies, operating in fields:
AUDIT & CONSULTING: IS strategy, security, project management, ITSM; IT MANAGEMENT: management of computers, servers, networks, telephony; INTEGRATION: business software, ITIL tools, processes; TELEPHONY: network infrastructure, VoIP network security, SBC.
We are proud that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: click here.
Being a partner means having an a direct access to the Teclib´s technical database, new releases, official support and many other tools which will help you to gain more customers and increase reputation on the market. Find out all benefits of being a partner sending us an email:click here.
Formcreator plugin for GLPI is a plugin which allows to create custom forms of easy access. Using Formcreator in GLPI you can offer your users alternative way of ticket creation. All forms are completely translatable and wide selection of fields types is available. Today we are happy to announce the release of Formcreator plugin version 2.12.0 beta:
Meet the new feature: translatable forms! Now you can translate any form to any language without having to duplicate it. We have prepared the video to showcase the feature:
If you use anonymous forms, the plugin detects the language of the browser and attempts to use the suitable translation (if available).
Using GLPI on-premises? Do you want to try GLPI with all exclusive plugins and support package included? We offer free data migration, so you can test the platform in a production mode.
Here is why you have to give it a try:
All GLPI Network Cloud instances includes Support L.3 and covered by Teclib guarantee.
Speed of implementation:
You do not have to make the initial installation, GLPI Network Cloud is already setup, just create your account and start parameterization.
Updates and backups are included to our offer, no need to worry about data loss anymore!
Use all exclusive GLPI plugins to enhance your experience: Branding to customize your instance, AdvancedDashboards to build your own reports, Oauthsso to login via third party providers like Facebook or Azure, etc.
Formcreator plugin for GLPI is a plugin which allows to create custom forms of easy access. Using Formcreator in GLPI you can offer your users alternative way of ticket creation. All forms are completely translatable and wide selection of fields types is available. Today we are happy to announce the release of Formcreator plugin version 2.11.4.