GLPI 9.5.3

Teclib’ is happy to announce the release of GLPI 9.5.3.

This release fixes medium-severity security issues that have been recently discovered. Updating is recommended!

You can download the GLPI 9.5.3 archive on GitHub.

Here is the list of security cases detected and fixed in this version:

  • Any CalDAV calendar is accessible read-only to every authenticated user (CVE-2020-26212)
  • Insecure Direct Object References in AJAX files (CVE-2020-27662 and CVE-2020-27663)

Note that some have been present for a long time (since version 0.68), but this time none of these issues was considered high or critical.

We also fixed a lot of bugs, here are important ones:

  • We continue the work on stabilizing the usage of the laminas/mail library:
    • Attachments were not imported as documents with specific content-disposition.
    • Some HTML mails were imported as text (and HTML was present in the description of the ticket).
  • For the dashboards:
    • Bar and line graphs were not animated correctly in recent versions of Chromium-based browsers.
    • Default pages for users without a dashboard were empty.
    • Added some missing filters: tech users and tech groups.
  • Misc:
    • A new CLI command to set GLPI configuration values.
    • Response time on the personal tab of the index is now improved.
    • PHP 8 compatibility.

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

SQL for dashboards.

This plugin allows administrators to create new data providers for the GLPI dashboards.

It currently provides:

  • a code editor (based on Monaco) bringing syntax highlighting, automatic formatting and autocomplete for tables.
  • CSV and JSON export
  • embedding of your query results in an external application (without using the GLPI dashboard).

Download the plugin: https://plugins.glpi-project.org/#/plugin/advanceddashboard

OAuth authentication for mail receivers

A while ago Microsoft and Google announced they would close basic connections for IMAP mailboxes on their services Office 365 and Google suite:

The current crisis has led them to postpone the termination deadlines to 2021, but starting from October 2020, in particular for Azure / Office, new accounts will have “basic” authentication disabled by default (it will be possible to re-enable it until next year).

To prepare for this upcoming end of life, we developed a mini plugin, available to the GLPI community, which lets you create an OAuth connection to these services.

It lets you declare an OAuth client from a list of suppliers and then use this client in your mail collectors:

[Image: mail receiver with OAuth client]

You can now download this plugin via the integrated marketplace of GLPI 9.5 or from the plugins catalog.

If you wish to obtain official support and want to secure your GLPI instance, don’t hesitate to contact us using this form or purchase online here: Services.

GLPI 9.5.2

After several weeks, Teclib’ is happy to announce the release of GLPI 9.5.2.

This release fixes several security issues that have been recently discovered. Updating is strongly recommended!

You can download the GLPI 9.5.2 archive on GitHub.

Here is the list of security flaws detected and fixed in this version:

  • SQL injection with a query parameter of user form (CVE-2020-15176)
  • Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
  • Leakage issue with knowledge base (CVE-2020-15217)
  • Stored XSS in install script (CVE-2020-15177)
  • Minor SQL Injection in Search API (CVE-2020-15226)

Note that some have been present for a long time (since 0.68).

We also fixed a lot of issues, here are important ones:

  • mailgates issues:
    • encoding errors
    • missing images in some tickets
    • exceptions for some particular messages
  • a small notice (listTables) was visible while updating to 9.5.1.
  • in some rare cases, the encryption process of passwords could fail
  • For the dashboards:
    • fix user preferences
    • fix overlap of mini dashboard above tickets list

And we worked on improving the dashboards:

  • new summary widget
  • new articles widget
  • display labels on point and bar (with a new available option)
  • cards now have a minimum size
  • we added personal filters. Toggle edit mode, and add filters on top of dashboards.

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.

ApprovalByMail – new plugin for GLPI.

We are happy to announce that the ApprovalByMail plugin is now available. To get it, we invite you to purchase a GLPI Network Subscription (if you use GLPI on-premises) or use the GLPI Network Cloud platform (the plugin is already pre-installed and included in our offer).

This plugin lets you answer a validation request directly by email without logging in to GLPI.

To learn more about its features and configuration, please read the documentation: click here

If you want to test the ApprovalByMail plugin, we offer a 45 days free trial on GLPI Network Cloud; just register your account here and instantly access your virtual instance: https://myaccount.glpi-network.cloud/register.php


Plugin for data anonymization is available!

We are happy to announce that the Anonymization plugin is now available. To get it, we invite you to purchase a GLPI Network Subscription (if you use GLPI on-premises) or use the GLPI Network Cloud platform (the plugin is already pre-installed and included in our offer).

This plugin allows data anonymization in GLPI, directly from the web interface or from the command line, either individually or in bulk.

To learn more about its features and configuration, please read the documentation: click here

If you want to test the Anonymization plugin, we offer a 45 days free trial on GLPI Network Cloud; just register your account here and instantly access your virtual instance: https://myaccount.glpi-network.cloud/register.php
