GLPI news and work in progress (Fall 2022). 

The presentation is hosted by Alexandre Delaunay, in charge of the GLPI development team and the product owner for GLPI. 

In this video he talks about roadmap and some features development team wants in GLPI for the next major version. Here is the transcription:  

“To keep the presentation short, we will discuss only about: 

Major topics 

Or very graphical ones 

And I would like to insist on the fact that there is no promises of time regarding the delivery.  

We will try our best to add the features, but in function of how the year will go, some will be OK, others not.  

  1. Assets genericity. 

Now, we have in our marketplace 2 plugins to address generic adds: 

– Genericobject 

– Fields 

We want to add the possibility to let you customize each type of objects displayed in the Assets menu (at first). 

The first part of that is to let you define your types. 

We will provide a list of predefined types matching the current assets list and let you add new ones if you want. Like servers in addition to desktop or laptop computers. Or to do something completely different from IT management, e.g: cars, desks, etc. 

Some of the current types will still be not removable like Software, Rack, Cable, Cartridge and Consumable. The reason is their behavior, or their presentation differs from other assets. 

You will still be able to disable these if you want but deletion will be impossible. 

So, GENERICITY covers the creation of new asset types. 

  1. Assets composition 

In addition, on the same setup page, you will be able to define which capacity an asset type use. 

E.g. contracts, management, etc., COMPOSITION of an asset type, with some checkboxes to select capacities. 

This permits you to remove or add tabs to the object. 

Or if an object can be inventoried by an agent.

  1. GLPI Agent 

Let us talk a little about features related to the GLPI inventory agent. 

Remote inventory reminder. 

Before talking about roadmap, let us do a quick reminder about remote inventory feature 

This is a task you can set up for an agent to let it query other computers on your network to construct an inventory file for each. 

The single agent will aggregate all inventory files and send them in one pass to the inventory API of GLPI. 

So, the main purpose is to have only one deployed agent. 

We use SSH and WinRM protocols to achieve that.  

GLPI Agent – Roadmap (1/2). 

The first point we want to improve is to ease the inventory process of your network. 

We currently have two tasks: 

– discover which “ping” addresses in an IP range 

– network inventory, which takes the result of the discovery to do a full SNMP inventory for network equipment and printers. 

We will change the process, by: 

– adding remote inventory of COMPUTERS 

– and let discovery task directly doing a FULL inventory if it knows the type of the remote device. A SNMP query for network equipment, SSH or WinRm queries for computers. 

With one unified task and one setup, we aim to let you discover all your network devices. 

The two last bullet points describe things required by unified discovery. The new toolbox UI will receive forms: 

– to plan tasks for the agent. 

– to save credentials, like SNMP community, login password couple for Windows domain or public key for a SSH connection. In summary, any information to let the agent connect to a remote device. 

GLPI Agent – Roadmap (2/2) 

We thought about rewriting a large part of the agents, and we shortlisted Golang for that. 

The fact the agent is written with the language PERL. 

Recently, finding developers comfortable with this language has been hard. 

We will try a prototype within the year to measure our capacity to switch to this new language. 

We plan also to enforce exchange between agents and backend by adding authentication and registration flows. This will be recommended but you will be able to do simple exchanges if you prefer. 

And we still need to redo all forms to drive remotely the agent in GLPI UI. 

This is still planned. 

  1. GLPI  

Let us talk a bit about features related to the GLPI web application. 

High-level API (1/2) 

Firstly, we will add a new API, again. 

We observe that, despite the old one permits more usage, due to its low-level connection with the framework, it is hard to maintain its stability and avoid regression. 

We maintain an interface to address depreciation for this previous API, but it is getting harder and harder to do. 

So, a new API connected to a higher level with stabilized endpoints and parameters. 

And we took advantage to add some comfort features: 

– we have a dedicated UI based on Swagger UI to ease discovering and testing endpoints and their parameters 

– we also use RSQL, a common Query language for filtering API. 

High-level API (2/2) 

For the second slide, you can see in action a GET request to list users in GLPI database. 

  1. DCIM 

 We want to extend the datacenter features in the next version. Mainly about adding graphical views. 

DCIM – Network equipment’s panels 

 The first and the simpler one is graphical panel for network ports list in equipment forms. 

We will take the front and rear pictures defined in the model of the equipment and display them above the ports list. 

The user will get information about each port directly on the picture panel by hovering them. 

A single click on a port will scroll the page to the good line to get more information. 

In the model setup, you will have a new tab to draw each port’s position. 

DCIM – Graphical enclosures (1/2) 

In the same way, slots of an enclosure can be drawn and indexed to indicate to GLPI where sub items can be placed. 

DCIM – Graphical enclosures (2/2) 

On a rack view where an enclosure is inserted, instead of a single blank rectangle, slots will be displayed and usual controls available, like hovering or clicking to get more information. 

DCIM – Graphical connections 

Finally, for DCIM part, we will try to add some representation for network or power connections. 

The goal is to get links between equipment. 

This is early to talk about this, we have short specifications for this, and it requires more research to find a library, for example. 

Keep in mind the current screenshot does not represent any existing development. 

  1. Misc 

Workflows – Processes 

We have a functional prototype for this. 

A new view to let GLPI administrator’s set up their business processes. 

With steps, transitions, conditions and actions, a full toolkit to describe a full workflow. 

This aims to replace legacy rules. 

And for a start, it will be available for assistance objects like tickets or change. 

Nutanix inventory import 

 Another development currently in alpha is the connector to Nutanix API to get: 

– Clusters 

– Hosts 

– Virtual machines 

– Disks 

The module parses the distant API and sends them to the native inventory API of GLPI. 

The merger with existing devices is done with the rule engine as usual. 


 Another connector, GLPI will serve a SCIM endpoint for your Microsoft Azure instance. 

This protocol pushes changes of users from the directory to connected application. 

So instead of synchronizing the whole user’s database and matching everyone, any change in the directory will be immediately pushed to GLPI. 

  1. Security 

Now, a security feature, two factors authentication! 

Administrators can enforce users’ logins in the security setup to ask them to register an external application like Google Authenticator or Authy. 

Security – 2 factors (2/2) 

After a successful login, a new field will appear asking users to paste a pin code from the authentication application. 

Security – Oauth Server 

We will add an Oauth server to GLPI for 2 purposes: 

– connect applications to GLPI to delegate the login feature and identity management 

– secure our several API like inventory one or the general purpose one. 

Security – misc 

– Vulnerabilities management 

– Scanners integration (vuls, tsunamin) 

– CVE matching 

Some various points: 

In the management menu, a new entry to list vulnerabilities. 

The goal is, with the help of external scanners, like vuls or tsnunamin, as well as some API to get CVE and match them to known software’s to see if a host has some security vulnerabilities. 

Some dashboard cards and alerts will also be added to enhance reporting about this subject. 

Technical changes 

– Web root for the application will be `/public` 

– continue work on twig (removing legacy echo) 

– removal of legacy auto escaping 

– modularization of critical features 

– e-charts lib for dashboards 

Last slide to tell you we continue to improve the core of GLPI. 

The most impactful for you will be the move of the web root of the application. 

Now, it will be a sub-folder named /public. 

Thereby, all other sub-folders (like files for example) will not be available on the web when the webserver is not well set up. 

The next point is legacy codebase we need to clean. 

And to finish, we moved to a new charting library called e-charts. 

It is simpler to use on our side and you appreciate the new colors and its interactivity. 


– Currently, finish stabilize 10.0 version 

– End of 2023, beta of next major version 

We are still working on bugfixing the 10 version. This last brought substantial changes, especially on the assistance part. 

But we aim to work on the incoming yearly results fully on the latest version. 

Success Story: Laboratorios La Santé

We met with José Melendez, an infrastructure specialist at Laboratorios La Santé, a company located in Venezuela. The La Santé Business Unit produces and markets generic prescription and over-the-counter medicines.

They currently have more than 30 international bioequivalence and pharmaceutical equivalence studies that support the effectiveness and safety of their medicines. In this interview you will discover what GLPI tools José uses in his day-to-day life and how he improves his work and that of his team.

New GLPI version 10.0.4

A new GLPI version is available.

This release fixes several security issues that has been recently discovered. Update is recommended!

You can download the GLPI 10.0.4 archive on GitHub.
We also provide a security release for 9.5 branch : GLPI 9.5.10 archive

You will find below the list of security issues fixed in this bugfixes version:

  • Blind SSRF in RSS feeds and planning (CVE-2022-39276)
  • Stored XSS in user information (CVE-2022-39372)
  • Stored XSS in entity name (CVE-2022-39373)
  • Improper input validation on emails links (CVE-2022-39376)
  • Improper access to debug panel (CVE-2022-39370)
  • User’s session persist after permanently deleting his account (CVE-2022-39234)
  • Stored XSS on login page (CVE-2022-39262)
  • XSS in external links (CVE-2022-39277)
  • XSS through public RSS feed (CVE-2022-39375)
  • SQL Injection on REST API (CVE-2022-39323)
  • Stored XSS through asset inventory (CVE-2022-39371)

Also, here is a short list of main changes done in this version:

  • Increase significantly dashboards performance
  • Several bugs on images pasting
  • Fixed and improved inventory locks management
  • Display of printer cartridges
  • Display and hide actors tooltips in tickets
  • Improve display of headers above forms
  • Move breakpoints on responsive displays
  • Inventory API is now disabled by default
  • Dedicated rights has been added for inventory

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!


New version of Formcreator 2.13.2

This version is compatible with GLPI 10.0.

Upgrade from 2.13.0 or later

A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:

The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator

It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.

ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.

bin/console glpi:plugin:install formcreator -f -p skip-db-check

Possible encoding problems in tickets created in GLPI 9.5 or older

⚠️ GLPI 10.0 encodes rich text content in a different way compared to GLPI 9.5. This revealed some bugs in the plugin in previous versions and GLPI may display old tickets with HTML tags. A CLI tool is available to fix 2 types of inconsistencies. You should test the command in a testing environment or do a backup first.

bin/console glpi:plugins:formcreator:clean_tickets

Bug Fixes

  • just reencode br (cce2e7e1c)
  • show KB items without category (91f4deb75)
  • abstractitiltarget: email addresses were ignored (4c28a09b8)
  • docs: mix of single and singular/plural locales (dc8f38cc3)
  • dropdownfield: tree depth not restored in design dialog (af4096bba)
  • fields: add default value to prevent SQL error (#2965) (19f039569)
  • form: risk of selecting the wrong form in DOM (bb31fd163)
  • form: submit once (b00844208)
  • form: unescape form name (5b802658a)
  • formanswer: PHP 8.1 compatbility, error message if invalid JSON detected (8ff7ff91a)
  • formanswer: PHP 8.1 compatibility: null passed instead of string (297fb2713)
  • formanswer: redirect after submission of targetless form (4d60239d1)
  • requesttypefield: warning if comparing against empty value (dca5afb82)
  • section: label for conditions in designer (01e570319)
  • wizard: FAQ list (#3031) (bb0732ca7)


  • tool to repair escaping problem in some tickets (68db0ffda)
  • form: submit forms once (abed86101)
  • formanswer: notification with URL to generated objets (fa6a360f0)
  • formanswer: restore toasts when craeting targets (f43df3ebb)
  • install: show the DB diff when upgrade runs from CLI (#2994) (4abb099a6)

Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.

Success story: Neocos Laboratories

We met with Alejandro Rodríguez Girbés, who leads the IT department of the company Neocos Laboratorios, located in Valencia, Spain.

The company manufactures hair dyes and hair care products for companies such as Mercadona. In this interview you will discover what GLPI tools Alejandro uses in his day to day life and how he improves his work and that of his team.


– Hi Alejandro, thank you very much for joining us today. Please could you tell us your name and position

– My name is Alejandro Rodriguez, I work in Neocos Laboratorios as IT responsible for the IT of the company. We are dedicated to make hair dyes for Mercadona, I have more than 100 users, about 150.

-How did you hear about GLPI? What was the first version you tried?

– I have been using GLPI for maybe 5 years now. We implemented it in the company and it is a tool that being free is very easy to introduce to management and learn how to use it and then as soon as the users see how easy it is to put tickets it is very easy to implement in the company.

– How did you find out about GLPI?

I don’t remember how I found out about it. I think I was searching the internet looking for tools that would allow me to implement ITIL standards and one day I came across GLPI and since that day I have implemented it in this and other companies I have been in.

-What version are you currently using?
– I am currently starting to use the latest version 10.0.3 since the last two weeks. And my idea, is, once I finish implementing it well, to go to the Cloud version for convenience.

– What GLPI functions do you use? Helpdesk, Asset Management, Problem Management, Change Management, Financial Management, Reporting, User Management, Knowledge Base, etc.?
– I have always used it for inventorying all my IT equipment and for ticketing but then the ticketing part also has associated internal management of recurring cases and so on and in this version 10, which is already integrated the issue of inventorying more comfortable, in fact the documentation I found it right away and I inventoried all my part.
Now with this version 10 I am also inventorying the terminals that before I did not do it and now it is very simple and I am even with the management of contracts, budgets and projects. I think I use everything or almost everything! It is very comfortable for me!

– Do you use any GLPI network plugins? If yes, which ones?
– Not at the moment. I did install the IPs plugin and so on, but I didn’t have time.

– How does GLPI help you in your work? What were your requirements for the software and what business/IT problems were you willing to solve with GLPI?
– Starting with ticketing, it is very convenient for me to keep a record of the day to day quantified in numbers, then, it is very useful to keep the inventory of all the park I have, in that sense it is very comfortable because I can draw statistics and then take action based on that, and keep a budget item for the issue of hardware, software. Likewise, it is easier to keep a record of each year’s investment than to look at it folder by folder.

– What is the best feature of GLPI for you?
– Of the whole package, the best is the inventory, having integrated it natively into the tool. For me it has been a very attractive solution.

– Can you give an overall assessment of GLPI (summarize your experience with GLPI)?
– The ease of implementation and the ease of starting to use it. If I have a need, I just look where it is and that’s it. For example, with the issue of recording internal invoicing, it is very convenient for me, the issue of getting a report on the age of the hardware, it is very easy to work with the tool.

– Great, very good. Thank you very much for all your answers, very clear.

Teclib’ semi-annual corporate reunion.

On Friday the 30th of September all Teclib´ employees gathered together for the semi-annual corporate event.

Our collagues traveled from different parts of Europe, Latin America and France to spent some time on-site for a face-to-face conversations, exchange the ideas, talk about the completed projects and challanges we have faced.

Presential meetings like this one boost inside cross-sellings, help us to understand better the market statem address its´ demands and expand business developement.

Teclib Day

But first, coffee: the day started with hot drinks and croissants to welcome everyone and and set the mood for the presentations.

This year Teclib´ marks 13 years of growth (since 2009) based on our priciple values: open source technologies, eco-mindful approach and sharing economy.

Pascal Aubry (CEO) opened the program talking about Teclib’ history milestones, mission and vision, new challeges and strategy. In total the company counts with 4 business units, each offers highly demanded IT, e-commerce, software and digital services.

Buy the Way is an agency that offers development of ecommerce and corporate websites and intranets, custom solutions, mobile apps, responsive designs, community management, SEO, video, design and digital marketing, among other services.


GLPI is proud to announce the expansion of GLPI Network Cloud offer. If you have not tried it yet, it is an open sourse SaaS platform developed by Teclib´ for management of IT and related workflows. Using just one tool you can run helpdesk, control assets´ park, track the expenses and team work with project management feature.

Websites: and

Hodei is an Odoo Gold integrator partner and winner of the Odoo Best starter Partner 2015 award. The team of passionate developers, consultants and business experts aims to help make Odoo project a success. Within the services they offer, you can find configuration, deployment, trainings, and assistance.


The official part ended with SerenIT business unit director presented news and future goals.

Serenit is an expert in multi-cloud outsourcing in France. Its´ team provides all IT services, helping users optimize and protect their IT infrastructure.


After a lunch break in presentations schedule, three speakers from the association “La Fresque du Climat” made employees participate in a workshop on climate change, ecology, climate, biodiversity, etc. Teclib’ wishes to transmit these values and since one of the offices is located at the Domaine du Tronchay everyone took part in the express pomology course.

To end this day, it was aperitif time, time to chat, have fun and enjoy this evening with music, DJ, games, and karaoke!

Teclib´ Day brings up the great importance of team meeting which allows us to forge ties, meet new people and develop expertise.

Thank you all for coming to share one more Teclib’ Day together.

Important message about security (CVE-2022-35947, CVE-2022-35914)!

We published corrective versions on september 14, 2022:

These fix two critical security vulnerabilities: a SQL Injection (CVE-2022-35947), and a Remote Code Execution (CVE-2022-35914, vulnerability in the third-party library, htmlawed), the latter has been massively exploited since October 3, 2022 to execute code on insecure servers, available on the internet, hosting GLPI (GLPI Network Cloud instances are not impacted).

If you are not on the latest version 9.5.9 or 10.0.3, you must update your instances according to the recommended method (from an empty folder, without overwriting existing GLPI files).

We noticed there is a scenario where the corrective versions can also be impacted: when a GLPI update has been performed, by unpacking the archive over the existing folders and files. We insist this way of updating GLPI is a bad practice and despite the current security problem, exposes you to bugs.

We invite you to correctly re-install your GLPI as indicated in the documentation:

  • from an empty folder
  • copy the files from the archive of the latest version
  • get your config/ and files/ directories from the old instance.

Workarounds to deal with RCE urgency (this does not fix SQL injection):

  • delete the vendor/htmlawed/htmlawed/htmLawedTest.php file (be careful not to touch the htmLawed.php file which is legitimate).
  • prevent web access to the vendor/ folder by setting (in the case of Apache for example) an adequate .htaccess.

If your server has already been corrupted, you probably need to start from a new server, on which you will import your SQL dump and the folders mentioned above.

New Silver Partner: HarPer Srl

We are happy to announce our new silver partner in the Dominican Republic – HarPer Srl.

HarPer Srl is an IT company primarily engaged in providing cybersecurity technological solutions to their customers.

They provide support of businesses throughout their life cycles from installment of new infrastructure, development of new systems, secure their data or even their physical locations. Also, they provide guidance or recommendations for business continuity.

Among many solutions, HarPer Srl offers:

  • Pentesting, hardening access control, vulnerability Assessment, implementation of information security improvements.
  • Implementation and troubleshooting of networks and infrastructure.
  • Development of desktop, web and mobile applications.
  • IT, network and security trainings|Project Management, Agile (Scrum, Kanban, etc.).


We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us:

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here:

Formcreator 2.13.1 – bugfixes

This version is compatible with GLPI 10.0.

⚠️ You must upgrade from a previous stable version. Upgrading from a development or testing version is not supported.

Bug Fixes

  • inverted existence test on ticket update (2acc5cd4)
  • log more errors, and update obsolete error logging (ae28ed6d)
  • restore page redirections existing in v2.12 (582f926c)
  • update obsolete error logging (da8929e0)
  • abstractitiltarget: glpi 10.0.3 will require a data with a valid value (5f385bb8)
  • actorfield: default value not saved (c3baebbe)
  • actorfield: php warning (6d3e98d1)
  • checkboxesfield: replace div with p in checkbowes answers (9ef95343)
  • composite: php warning breaks JSON if a ticket is not generated (2108983c)
  • descriptionfield: bad form rendering (87a74058)
  • filefield: php error when switching field type to file (a03c7a0a)
  • form: javascript (f05bc697)
  • form: list on self service homepage (ba6d4a58)
  • form: undefined var (169d2c8e)
  • form: url to form answer lists may be invalid (6cd29e6d)
  • install: avoid alter table fail (4dadea8a)
  • install: missing method in upgrade to 2.13.1 (7e9cdcd5)
  • issue: issue not deleted when tichet goes to trash bin (c977b1ca)
  • issue: purge issue when deleting associated ticket (76444ecc)
  • issue: recreate when restore ticket (2656e284)
  • item_targetticket: uuid to ID conversion (e9f326c0)
  • section: name encoding in designer and rendered form” (491dcb69)
  • targetticket: bad constant name (48dda4f3)
  • targetticket: table structure inconsistency (ff56f3f1)
  • targetticket: table structure inconsistency (892a83c3)
  • targetticket,targetchange: tags from queestion or specific tags not saved (ec08d95e)


  • prepare compatibility with PHP 8.2 (#2966) (4bb7f3c3)
  • formanswer,issue: show title in navigation header (1878e4b0)
  • kb: preselect see all categorie (1b669d4f)

Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.