After several weeks, Teclib’ is happy to announce the release of GLPI 9.4.1 bugfixes.

This release fixes several security issues that have been recently discovered. Update is strongly recommended.

You can download the GLPI 9.4.1 archive on GitHub.

You may notice displayed and archive versions are 9.4.1.1; this is because we’ve decided to integrate two more fixes we found after release has been prepared!

You’ll find below the changes of these bugfixes versions:

  • Bad chevrons rendering on dropdowns
  • Iframe and forms are rendered in rich text contents
  • Type juggling authentication bypass
  • Malicious images upload
  • Password token date was not reset
  • Prevent timed attack and enforce cookie security (#5562)
  • Search on dropdowns now displays fuzzy matches
  • All components were deleted when permanently deleting a computer
  • Unable to display network ports
  • Preferences not applied
  • Unable to use “forgotten password” feature
  • And many more!

The full changelog is available as well as another one for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project.

Reminder: we launched services website for GLPI-Network.
If you need support or services from our partners, check services.glpi-network.com.