Teclib’ semi-annual corporate reunion.

On Friday the 30th of September all Teclib´ employees gathered together for the semi-annual corporate event.

Our colleagues traveled from different parts of Europe, Latin America and France to spend some time on-site for face-to-face conversations, exchange ideas, and talk about the completed projects and the challenges we have faced.

In-person meetings like this one boost internal cross-selling and help us to better understand the market state, address its demands and expand business development.

Teclib Day

But first, coffee: the day started with hot drinks and croissants to welcome everyone and set the mood for the presentations.

This year Teclib’ marks 13 years of growth (since 2009) based on our core values: open source technologies, an eco-mindful approach and the sharing economy.

Pascal Aubry (CEO) opened the program by talking about the milestones in Teclib’ history, its mission and vision, new challenges and strategy. In total, the company has 4 business units, each offering in-demand IT, e-commerce, software and digital services.

Buy the Way is an agency that offers development of ecommerce and corporate websites and intranets, custom solutions, mobile apps, responsive designs, community management, SEO, video, design and digital marketing, among other services.

Website: https://www.buy-the-way.com/

GLPI is proud to announce the expansion of the GLPI Network Cloud offer. If you have not tried it yet, it is an open source SaaS platform developed by Teclib’ for the management of IT and related workflows. Using just one tool you can run a helpdesk, control your asset park, track expenses and work as a team with the project management feature.

Websites: https://glpi-project.org/ and https://www.glpi-network.cloud

Hodei is an Odoo Gold integrator partner and winner of the Odoo Best starter Partner 2015 award. The team of passionate developers, consultants and business experts aims to help make Odoo projects a success. The services they offer include configuration, deployment, training, and assistance.

Website: https://www.hodei.net/

The official part ended with the SerenIT business unit director presenting news and future goals.

Serenit is an expert in multi-cloud outsourcing in France. Its team provides all IT services, helping users optimize and protect their IT infrastructure.

Website: https://www.serenit.fr/

After a lunch break in the presentation schedule, three speakers from the association “La Fresque du Climat” led employees through a workshop on climate change, ecology, climate, biodiversity, etc. Teclib’ wishes to pass on these values and, since one of the offices is located at the Domaine du Tronchay, everyone took part in an express pomology course.

To end this day, it was aperitif time, time to chat, have fun and enjoy this evening with music, DJ, games, and karaoke!

Teclib’ Day highlights the great importance of team meetings, which allow us to forge ties, meet new people and develop expertise.

Thank you all for coming to share one more Teclib’ Day together.

Important message about security (CVE-2022-35947, CVE-2022-35914)!

We published corrective versions on September 14, 2022.

These fix two critical security vulnerabilities: a SQL injection (CVE-2022-35947) and a remote code execution (CVE-2022-35914, a vulnerability in the third-party library htmLawed). The latter has been massively exploited since October 3, 2022 to execute code on insecure, internet-exposed servers hosting GLPI (GLPI Network Cloud instances are not impacted).

If you are not on the latest version 9.5.9 or 10.0.3, you must update your instances according to the recommended method (from an empty folder, without overwriting existing GLPI files).

We noticed there is a scenario where the corrective versions can also be impacted: when a GLPI update has been performed by unpacking the archive over the existing folders and files. We insist that this way of updating GLPI is bad practice and, regardless of the current security problem, exposes you to bugs.

We invite you to correctly re-install your GLPI as indicated in the documentation:

  • from an empty folder
  • copy the files from the archive of the latest version
  • get your config/ and files/ directories from the old instance.

Workarounds to deal with RCE urgency (this does not fix SQL injection):

  • delete the vendor/htmlawed/htmlawed/htmLawedTest.php file (be careful not to touch the htmLawed.php file which is legitimate).
  • prevent web access to the vendor/ folder by setting (in the case of Apache for example) an adequate .htaccess.
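
The two workaround steps above as a shell check, added here as an example (it is not part of the original advisory or of GLPI's tooling): it reports any remaining htmLawedTest.php and a missing deny rule on vendor/, and can apply both steps. The function names and the GLPI root argument are assumptions; the check is also worth running on instances that were updated by unpacking an archive over existing files.

```shell
#!/bin/sh
# Added example (not Teclib's code): audit and apply the advisory's RCE
# workaround on a GLPI tree. File paths come from the advisory; the GLPI
# root passed as $1 is an assumption about your install.

# Deny directives accepted as "vendor/ is blocked" (Apache 2.4 or 2.2 syntax).
DENY_RE='^[[:space:]]*(Require all denied|Deny from all)'

# Print findings; return 0 when both workaround steps are in place, else 1.
audit_glpi_vendor() {
    glpi_root="$1"
    rc=0
    # The test script must be gone; htmLawed.php itself is legitimate.
    # -iname also catches case variants and copies outside vendor/.
    hits=$(find "$glpi_root" -type f -iname 'htmLawedTest.php' 2>/dev/null)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/EXPOSED: /'
        rc=1
    fi
    if ! grep -Eiqs "$DENY_RE" "$glpi_root/vendor/.htaccess"; then
        echo "OPEN: no deny rule in $glpi_root/vendor/.htaccess"
        rc=1
    fi
    return "$rc"
}

# Apply both workaround steps. This does not fix the SQL injection.
apply_glpi_workaround() {
    glpi_root="$1"
    find "$glpi_root" -type f -iname 'htmLawedTest.php' -exec rm -f -- {} +
    # Only effective where Apache's AllowOverride honours .htaccess files.
    grep -Eiqs "$DENY_RE" "$glpi_root/vendor/.htaccess" ||
        printf 'Require all denied\n' >> "$glpi_root/vendor/.htaccess"
}

# Usage: sh audit.sh /path/to/glpi [--fix]
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "--fix" ]; then apply_glpi_workaround "$1"; fi
    audit_glpi_vendor "$1"
fi
```

A non-zero exit status from the audit means at least one of the two steps is still missing.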

If your server has already been compromised, you probably need to start from a new server, on which you will import your SQL dump and the folders mentioned above.

New Silver Partner: HarPer Srl

We are happy to announce our new silver partner in the Dominican Republic – HarPer Srl.

HarPer Srl is an IT company primarily engaged in providing cybersecurity technological solutions to their customers.

They support businesses throughout their life cycles, from installing new infrastructure and developing new systems to securing their data or even their physical locations. They also provide guidance or recommendations for business continuity.

Among many solutions, HarPer Srl offers:

  • Pentesting, hardening access control, vulnerability assessment, implementation of information security improvements.
  • Implementation and troubleshooting of networks and infrastructure.
  • Development of desktop, web and mobile applications.
  • IT, network and security training.
  • Project management, Agile (Scrum, Kanban, etc.).

Website: https://www.har-per.com/

We are excited that the GLPI ITSM solution is becoming more and more represented all over the world and that the GLPI Network subscription service (our support offer for on-premises – get your IT Infrastructure secured) will be available to more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/

Being a partner means:

  • Having direct access to Teclib’s tech expertise;
  • Getting special discounts;
  • Accessing official support;
  • Many other tools which will help you to gain more customers and increase your reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/

Formcreator 2.13.1 – bugfixes

This version is compatible with GLPI 10.0.

⚠️ You must upgrade from a previous stable version. Upgrading from a development or testing version is not supported.

Bug Fixes

  • inverted existence test on ticket update (2acc5cd4)
  • log more errors, and update obsolete error logging (ae28ed6d)
  • restore page redirections existing in v2.12 (582f926c)
  • update obsolete error logging (da8929e0)
  • abstractitiltarget: glpi 10.0.3 will require a data with a valid value (5f385bb8)
  • actorfield: default value not saved (c3baebbe)
  • actorfield: php warning (6d3e98d1)
  • checkboxesfield: replace div with p in checkboxes answers (9ef95343)
  • composite: php warning breaks JSON if a ticket is not generated (2108983c)
  • descriptionfield: bad form rendering (87a74058)
  • filefield: php error when switching field type to file (a03c7a0a)
  • form: javascript (f05bc697)
  • form: list on self service homepage (ba6d4a58)
  • form: undefined var (169d2c8e)
  • form: url to form answer lists may be invalid (6cd29e6d)
  • install: avoid alter table fail (4dadea8a)
  • install: missing method in upgrade to 2.13.1 (7e9cdcd5)
  • issue: issue not deleted when ticket goes to trash bin (c977b1ca)
  • issue: purge issue when deleting associated ticket (76444ecc)
  • issue: recreate when restore ticket (2656e284)
  • item_targetticket: uuid to ID conversion (e9f326c0)
  • section: name encoding in designer and rendered form (491dcb69)
  • targetticket: bad constant name (48dda4f3)
  • targetticket: table structure inconsistency (ff56f3f1)
  • targetticket: table structure inconsistency (892a83c3)
  • targetticket,targetchange: tags from question or specific tags not saved (ec08d95e)

Features

  • prepare compatibility with PHP 8.2 (#2966) (4bb7f3c3)
  • formanswer,issue: show title in navigation header (1878e4b0)
  • kb: preselect see all categories (1b669d4f)

Help / Contribution needed
Locale updates: some languages don’t have a maintainer, or are behind (much untranslated content). Please contribute on Transifex.

New GLPI version 10.0.3

A new GLPI version is available.

This release fixes several critical security issues that have been recently discovered. Updating is strongly recommended!

You can download the GLPI 10.0.3 archive on GitHub.
Exceptionally, as we have critical security issues that affect GLPI 9.5, we are also releasing a GLPI 9.5.9 archive.

You’ll find below the list of security issues fixed in this bugfix version:

  • XSS through registration API (CVE-2022-35945)
  • Leak of sensitive information through login page error (CVE-2022-31143)
  • Stored XSS through global search (CVE-2022-31187)
  • Command injection using a third-party library script (CVE-2022-35914)
  • SQL injection through plugin controller (CVE-2022-35946)
  • Authentication via SQL injection (CVE-2022-35947)
  • Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)

Also, here is a short list of main changes done in this version:

  • More precise rights checks on inventory (#12610)
  • Display of last inventoried value for locked fields (#12602)
  • Permit to use rules to add computers as virtual machines (#12572)
  • Delegate session cookies security to sysadmin (#12302)
  • Prevent collector failure on invalid mail header (#12232)
  • Many fixes on network inventory

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.

New silver partner: ANC Technology Services S.A (Amvix)

We are happy to announce our new silver partner in Costa Rica – ANC Technology Services S.A (Amvix).

ANC Technology Services S.A (Amvix) is a company with more than 14 years of experience in the market. They specialize in open source technologies for the implementation of network, security, Internet and CRM solutions.

They provide support in preventive management, consulting and infrastructure scaling. They approach the business opportunities offered by new computing technologies.

Among many solutions, ANC Technology Services S.A (Amvix) offers:

  • Consulting and Advisory.
  • Installation and configuration of Linux servers.
  • Desktop and application virtualization.
  • Technical support.

Website: http://www.amvix.com/
