Some weeks ago, we released a beta version for GLPI 10.0.0. Many of you have tested it and reported issues in this version, and we thank you for these reports.
Today, we release a new release candidate archive with a lot of additional fixes for this future version.
GLPI native inventory news: GLPI Agent v.1.1 is available (bugfixes version). Click on detailed changelog to see what has been done & download the update.
Here is a list of major issues fixed in this new release:
FIX import of LDAP groups and users
FIX creation of local users
FIX php errors with Socket class
FIX several issues with new inventory feature
FIX several issues with backgrounds image of racks and their items
FIX many enhancements and fixes on the new UI; thanks to our users’ feedback!
FIX several issues on avatars, and add an option to hide initials
FIX objects locks release on all browsers
FEAT improve software architecture management
FEAT sofwares list can also now be filtered
FEAT add dedicated right for followup template
FEAT option added to set up timeline order
FEAT right panel of itil objects can be collapsed
FEAT the layout of itil objects is now saved in session
Download the RC archive, test the migration and the new features (you may also test the existing ones) and report us the issues you encounter on the bug tracker (tag it as ).
Translators, please, add missing sentences of your language on transifex.
This plugin offer tools to help you comply with GDPR regulation. Click here to read documentation.
CLEANING INACTIVE USERS
The main feature of this plugin is the automated cleaning or removal of inactive users.
There is two possible way of handling inactive users: – Cleaning the user data – Deleting the user
SCOPE RESTRICTION
The automated removal process can be limited to the given scopes: – All inactives users – Inactive users with no ongoing tickets – Inactive users with no tickets
The removal will be done through a standard GLPI automatic action that can be configured to run as often as you want.
How to get? If you use GLPI on premise, please subscribe to GLPI Network to get it.
A newly revealed critical vulnerability impacting Apache Log4j was disclosed and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.
We would like to assure all users that GLPI core and its plugins, being written in PHP and not using Log4j, are not affected by the Log4Shell vulnerability.
Exploiting this vulnerability requires a Java Virtual Machine and the org.apache.logging.log4j.core.lookup.JndiLookup Java class in a vulnerable version. None of them are included or used in GLPI distributions.
We can also confirm that:
GLPI Android Agent (writen in Java), doesn’t use Log4j library, and thus is not affected by the Log4Shell vulnerability
GLPI Agent (writen in Perl), is not affected by the Log4Shell vulnerability
Warning: this does not prevent layers/tools potentially upstream of GLPI (reverse-proxy, firewall, etc.), or connected to GLPI, which we are not aware of in your context, from being potentially impacted.
For example, if you have a Metabase server connected to GLPI you should note that Metabase (<0.41.4) is affected by Log4j vulnerability, and you should update it ASAP!
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
