Following the last releases of 10.0.4 and 9.5.10, an annoying issue has been detected in one of the security fixes provided.
The user is logged out when he tries to switch to another entity.
So, we release new versions to address the bug, you can download them on github:
A new GLPI version is available.
This release fixes several security issues that has been recently discovered. Update is recommended!
You can download the GLPI 10.0.4 archive on GitHub.
We also provide a security release for 9.5 branch : GLPI 9.5.10 archive
You will find below the list of security issues fixed in this bugfixes version:
Also, here is a short list of main changes done in this version:
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
This version is compatible with GLPI 10.0.
Upgrade from 2.13.0 or later
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
bin/console glpi:plugin:install formcreator -f -p skip-db-check
⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 2 types of inconsistencies. You should test the command in a testing environment or do a backup first.
bin/console glpi:plugins:formcreator:clean_tickets
Bug Fixes
Features
Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.
We met with Alejandro Rodríguez Girbés, who leads the IT department of the company Neocos Laboratorios, located in Valencia, Spain.
The company manufactures hair dyes and hair care products for companies such as Mercadona. In this interview you will discover what GLPI tools Alejandro uses in his day to day life and how he improves his work and that of his team.
Interview:
– Hi Alejandro, thank you very much for joining us today. Please could you tell us your name and position
– My name is Alejandro Rodriguez, I work in Neocos Laboratorios as IT responsible for the IT of the company. We are dedicated to make hair dyes for Mercadona, I have more than 100 users, about 150.
-How did you hear about GLPI? What was the first version you tried?
– I have been using GLPI for maybe 5 years now. We implemented it in the company and it is a tool that being free is very easy to introduce to management and learn how to use it and then as soon as the users see how easy it is to put tickets it is very easy to implement in the company.
– How did you find out about GLPI?
I don’t remember how I found out about it. I think I was searching the internet looking for tools that would allow me to implement ITIL standards and one day I came across GLPI and since that day I have implemented it in this and other companies I have been in.
-What version are you currently using?
– I am currently starting to use the latest version 10.0.3 since the last two weeks. And my idea, is, once I finish implementing it well, to go to the Cloud version for convenience.
– What GLPI functions do you use? Helpdesk, Asset Management, Problem Management, Change Management, Financial Management, Reporting, User Management, Knowledge Base, etc.?
– I have always used it for inventorying all my IT equipment and for ticketing but then the ticketing part also has associated internal management of recurring cases and so on and in this version 10, which is already integrated the issue of inventorying more comfortable, in fact the documentation I found it right away and I inventoried all my part.
Now with this version 10 I am also inventorying the terminals that before I did not do it and now it is very simple and I am even with the management of contracts, budgets and projects. I think I use everything or almost everything! It is very comfortable for me!
– Do you use any GLPI network plugins? If yes, which ones?
– Not at the moment. I did install the IPs plugin and so on, but I didn’t have time.
– How does GLPI help you in your work? What were your requirements for the software and what business/IT problems were you willing to solve with GLPI?
– Starting with ticketing, it is very convenient for me to keep a record of the day to day quantified in numbers, then, it is very useful to keep the inventory of all the park I have, in that sense it is very comfortable because I can draw statistics and then take action based on that, and keep a budget item for the issue of hardware, software. Likewise, it is easier to keep a record of each year’s investment than to look at it folder by folder.
– What is the best feature of GLPI for you?
– Of the whole package, the best is the inventory, having integrated it natively into the tool. For me it has been a very attractive solution.
– Can you give an overall assessment of GLPI (summarize your experience with GLPI)?
– The ease of implementation and the ease of starting to use it. If I have a need, I just look where it is and that’s it. For example, with the issue of recording internal invoicing, it is very convenient for me, the issue of getting a report on the age of the hardware, it is very easy to work with the tool.
– Great, very good. Thank you very much for all your answers, very clear.
On Friday the 30th of September all Teclib´ employees gathered together for the semi-annual corporate event.
Our collagues traveled from different parts of Europe, Latin America and France to spent some time on-site for a face-to-face conversations, exchange the ideas, talk about the completed projects and challanges we have faced.
Presential meetings like this one boost inside cross-sellings, help us to understand better the market statem address its´ demands and expand business developement.
Teclib‘ Day
But first, coffee: the day started with hot drinks and croissants to welcome everyone and and set the mood for the presentations.
This year Teclib´ marks 13 years of growth (since 2009) based on our priciple values: open source technologies, eco-mindful approach and sharing economy.
Pascal Aubry (CEO) opened the program talking about Teclib’ history milestones, mission and vision, new challeges and strategy. In total the company counts with 4 business units, each offers highly demanded IT, e-commerce, software and digital services.
Buy the Way is an agency that offers development of ecommerce and corporate websites and intranets, custom solutions, mobile apps, responsive designs, community management, SEO, video, design and digital marketing, among other services.
Website: https://www.buy-the-way.com/
GLPI is proud to announce the expansion of GLPI Network Cloud offer. If you have not tried it yet, it is an open sourse SaaS platform developed by Teclib´ for management of IT and related workflows. Using just one tool you can run helpdesk, control assets´ park, track the expenses and team work with project management feature.
Websites: https://glpi-project.org/ and https://www.glpi-network.cloud
Hodei is an Odoo Gold integrator partner and winner of the Odoo Best starter Partner 2015 award. The team of passionate developers, consultants and business experts aims to help make Odoo project a success. Within the services they offer, you can find configuration, deployment, trainings, and assistance.
Website: https://www.hodei.net/
The official part ended with SerenIT business unit director presented news and future goals.
Serenit is an expert in multi-cloud outsourcing in France. Its´ team provides all IT services, helping users optimize and protect their IT infrastructure.
Website: https://www.serenit.fr/
After a lunch break in presentations schedule, three speakers from the association “La Fresque du Climat” made employees participate in a workshop on climate change, ecology, climate, biodiversity, etc. Teclib’ wishes to transmit these values and since one of the offices is located at the Domaine du Tronchay everyone took part in the express pomology course.
To end this day, it was aperitif time, time to chat, have fun and enjoy this evening with music, DJ, games, and karaoke!
Teclib´ Day brings up the great importance of team meeting which allows us to forge ties, meet new people and develop expertise.
Thank you all for coming to share one more Teclib’ Day together.
We published corrective versions on september 14, 2022:
These fix two critical security vulnerabilities: a SQL Injection (CVE-2022-35947), and a Remote Code Execution (CVE-2022-35914, vulnerability in the third-party library, htmlawed), the latter has been massively exploited since October 3, 2022 to execute code on insecure servers, available on the internet, hosting GLPI (GLPI Network Cloud instances are not impacted).
If you are not on the latest version 9.5.9 or 10.0.3, you must update your instances according to the recommended method (from an empty folder, without overwriting existing GLPI files).
We noticed there is a scenario where the corrective versions can also be impacted: when a GLPI update has been performed, by unpacking the archive over the existing folders and files. We insist this way of updating GLPI is a bad practice and despite the current security problem, exposes you to bugs.
We invite you to correctly re-install your GLPI as indicated in the documentation:
config/ and files/ directories from the old instance.Workarounds to deal with RCE urgency (this does not fix SQL injection):
vendor/htmlawed/htmlawed/htmLawedTest.php file (be careful not to touch the htmLawed.php file which is legitimate).vendor/ folder by setting (in the case of Apache for example) an adequate .htaccess.If your server has already been corrupted, you probably need to start from a new server, on which you will import your SQL dump and the folders mentioned above.