New version GLPI 10.0.7: A new GLPI version is available.
This release fixes several security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.7 archive on GitHub. We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it: GLPI 9.5.13 archive
You will find below the list of security issues fixed in this bugfixes version:
SQL injection and Stored XSS via inventory agent request (CVE-2023-28849).
Account takeover by authenticated user (CVE-2023-28632).
SQL injection through dynamic reports (CVE-2023-28838).
Stored XSS through dashboard administration (CVE-2023-28852).
Stored XSS on external links (CVE-2023-28636).
Reflected XSS in search pages (CVE-2023-28639).
Privilege Escalation from technician to super-admin (CVE-2023-28634).
Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).
Also, here is a short list of main changes done in this version:
Optional GLPI router to be able to use a safer web server root directory.
Support of SMTP OAuth authentication.
Improved inventory file upload feature.
Many fixes and improvements on native inventory.
Some bugs on PHP 8.2.
Caching issues on entities.
Boolean FullText operator not working on knowledge base search.
Unexpected search results when using negative condition on ticket actors.
Issues with LDAP filters/DN.
Unexpected results when searching on knowledge base categories.
In GLPI 10.0.5 contains a fix which breaks ability to upload files from a public form. It not possible restore this feature without introducing a security problem. Therefore, in this version, it is no longer possible to add a question of type File in a public form. Questions of type Textarea won’t allow users to upload pictures anymore.
It is recommended to update your public forms to remove questions of type File. If you don’t, then requesters will encounter problems when they try to upload files.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
Founded in 2012, on the initiative of young Ivorian entrepreneurs, VBEST TECHNOLOGIES is a company specialized in design and integration of IT solutions and technologies installed in Abidjan Ivory Coast.
The VBEST team is mainly composed of certified and experienced engineers and technicians, trained to work on all the proposed technologies, whether they are whose knowledge is regularly updated in order to provide our customers with high quality services.
Today is a reference company in the business of integration of ICT solutions in Côte d’Ivoire and in West African sub-region, VBEST TECHNOLOGIES shares with its customers, partners and collaborators , values that promote exchanges, allowing everyone to find their place and express its full potential while striving to apply them in all our relationships in order to always place people at the heart of our projects.
VBEST’s clients include many national and international companies, particularly in the banking, insurance, industry and public sectors. Its activity is organized around five (5) main areas of expertise:
We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/
Being a partner means:
Having an a direct access to the Teclib´s tech expertise;
Get special discounts;
Access official support,
Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.
We met with Thomas Novotney, senior computer systems analyst at Susquehanna Nuclear in Berwick, Pennsylvania, which is owned by Talen Energy.
Susquehanna Steam Electric Station (SSES) generates clean, reliable, safe, and affordable energy to power homes, businesses, hospitals, and schools, driving regional economies.
The plant has two boiling water reactors capable of generating ~2,500 MW of power, enough to power 2M homes.
In this interview, you will discover how Thomas uses GLPI to inventory assets, why he chose open source and how GLPI answers cyber security requirements.
How can you try GLPI?
If you have not tried GLPI yet, you can start a free 45 day trial on GLPI Network Cloud (no credit card needed!): https://glpi-network.cloud/
If you want to download GLPI on-premise and need assistance, our partners-integrators can support you (you will need to have a valid GLPI Network Subscription).
If you want to share your experience using GLPI, we encourage you to complete the form:
We are happy to announce our new Silver partner in Perú – IT Green.
IT Green is a company specialized in information technology, composed of experienced and highly trained professionals. They have strategic alliances that complement their services and aligned to good practices, ensure a fast and efficient service, always customer oriented with a high level of quality and cordiality.
Its mission is to generate efficiencies through integral services and solutions, seeking to create and strengthen solid and lasting business relationships that will allow mutual business development as well as the professional and personal growth of its people.
We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.
Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/
Being a partner means:
Having an a direct access to the Teclib´s tech expertise;
Get special discounts;
Access official support,
Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.
We would like to announce that official support for GLPI 9.5.x will be discontinued on 30.06.2023. Starting from the 1st of July 2023 (3 years after the first launch of this version) we will have to say goodbye – there will be no new releases 9.5.x.
It is mandatory to migrate to GLPI 10.0.x in order to be covered by official support.
How-to MIGRATE:
—OPTION 1: You can do the migration via official partners-integrators (if you have a valid GLPI Network Subscription); or
—OPTION 2: If you choose GLPI Network Cloud, we offer a free data migration from on-premise for everyone.
We ask you to communicate the upcoming changes to your customers and finish migrations before 30.06.2023.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
