Teclib’ semi-annual corporate reunion.

On Friday the 30th of September all Teclib´ employees gathered together for the semi-annual corporate event.

Our collagues traveled from different parts of Europe, Latin America and France to spent some time on-site for a face-to-face conversations, exchange the ideas, talk about the completed projects and challanges we have faced.

Presential meetings like this one boost inside cross-sellings, help us to understand better the market statem address its´ demands and expand business developement.

Teclib Day

But first, coffee: the day started with hot drinks and croissants to welcome everyone and and set the mood for the presentations.

This year Teclib´ marks 13 years of growth (since 2009) based on our priciple values: open source technologies, eco-mindful approach and sharing economy.

Pascal Aubry (CEO) opened the program talking about Teclib’ history milestones, mission and vision, new challeges and strategy. In total the company counts with 4 business units, each offers highly demanded IT, e-commerce, software and digital services.

Buy the Way is an agency that offers development of ecommerce and corporate websites and intranets, custom solutions, mobile apps, responsive designs, community management, SEO, video, design and digital marketing, among other services.

Website: https://www.buy-the-way.com/

GLPI is proud to announce the expansion of GLPI Network Cloud offer. If you have not tried it yet, it is an open sourse SaaS platform developed by Teclib´ for management of IT and related workflows. Using just one tool you can run helpdesk, control assets´ park, track the expenses and team work with project management feature.

Websites: https://glpi-project.org/ and https://www.glpi-network.cloud

Hodei is an Odoo Gold integrator partner and winner of the Odoo Best starter Partner 2015 award. The team of passionate developers, consultants and business experts aims to help make Odoo project a success. Within the services they offer, you can find configuration, deployment, trainings, and assistance.

Website: https://www.hodei.net/

The official part ended with SerenIT business unit director presented news and future goals.

Serenit is an expert in multi-cloud outsourcing in France. Its´ team provides all IT services, helping users optimize and protect their IT infrastructure.

Website: https://www.serenit.fr/

After a lunch break in presentations schedule, three speakers from the association “La Fresque du Climat” made employees participate in a workshop on climate change, ecology, climate, biodiversity, etc. Teclib’ wishes to transmit these values and since one of the offices is located at the Domaine du Tronchay everyone took part in the express pomology course.

To end this day, it was aperitif time, time to chat, have fun and enjoy this evening with music, DJ, games, and karaoke!

Teclib´ Day brings up the great importance of team meeting which allows us to forge ties, meet new people and develop expertise.

Thank you all for coming to share one more Teclib’ Day together.

Important message about security (CVE-2022-35947, CVE-2022-35914)!

We published corrective versions on september 14, 2022:

These fix two critical security vulnerabilities: a SQL Injection (CVE-2022-35947), and a Remote Code Execution (CVE-2022-35914, vulnerability in the third-party library, htmlawed), the latter has been massively exploited since October 3, 2022 to execute code on insecure servers, available on the internet, hosting GLPI (GLPI Network Cloud instances are not impacted).

If you are not on the latest version 9.5.9 or 10.0.3, you must update your instances according to the recommended method (from an empty folder, without overwriting existing GLPI files).

We noticed there is a scenario where the corrective versions can also be impacted: when a GLPI update has been performed, by unpacking the archive over the existing folders and files. We insist this way of updating GLPI is a bad practice and despite the current security problem, exposes you to bugs.

We invite you to correctly re-install your GLPI as indicated in the documentation:

  • from an empty folder
  • copy the files from the archive of the latest version
  • get your config/ and files/ directories from the old instance.

Workarounds to deal with RCE urgency (this does not fix SQL injection):

  • delete the vendor/htmlawed/htmlawed/htmLawedTest.php file (be careful not to touch the htmLawed.php file which is legitimate).
  • prevent web access to the vendor/ folder by setting (in the case of Apache for example) an adequate .htaccess.

If your server has already been corrupted, you probably need to start from a new server, on which you will import your SQL dump and the folders mentioned above.

New Silver Partner: HarPer Srl

We are happy to announce our new silver partner in the Dominican Republic – HarPer Srl.

HarPer Srl is an IT company primarily engaged in providing cybersecurity technological solutions to their customers.

They provide support of businesses throughout their life cycles from installment of new infrastructure, development of new systems, secure their data or even their physical locations. Also, they provide guidance or recommendations for business continuity.

Among many solutions, HarPer Srl offers:

  • Pentesting, hardening access control, vulnerability Assessment, implementation of information security improvements.
  • Implementation and troubleshooting of networks and infrastructure.
  • Development of desktop, web and mobile applications.
  • IT, network and security trainings|Project Management, Agile (Scrum, Kanban, etc.).

Website: https://www.har-per.com/

We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/

Formcreator 2.13.1 – bugfixes

This version is compatible with GLPI 10.0.

⚠️ You must upgrade from a previous stable version. Upgrading from a development or testing version is not supported.

Bug Fixes

  • inverted existence test on ticket update (2acc5cd4)
  • log more errors, and update obsolete error logging (ae28ed6d)
  • restore page redirections existing in v2.12 (582f926c)
  • update obsolete error logging (da8929e0)
  • abstractitiltarget: glpi 10.0.3 will require a data with a valid value (5f385bb8)
  • actorfield: default value not saved (c3baebbe)
  • actorfield: php warning (6d3e98d1)
  • checkboxesfield: replace div with p in checkbowes answers (9ef95343)
  • composite: php warning breaks JSON if a ticket is not generated (2108983c)
  • descriptionfield: bad form rendering (87a74058)
  • filefield: php error when switching field type to file (a03c7a0a)
  • form: javascript (f05bc697)
  • form: list on self service homepage (ba6d4a58)
  • form: undefined var (169d2c8e)
  • form: url to form answer lists may be invalid (6cd29e6d)
  • install: avoid alter table fail (4dadea8a)
  • install: missing method in upgrade to 2.13.1 (7e9cdcd5)
  • issue: issue not deleted when tichet goes to trash bin (c977b1ca)
  • issue: purge issue when deleting associated ticket (76444ecc)
  • issue: recreate when restore ticket (2656e284)
  • item_targetticket: uuid to ID conversion (e9f326c0)
  • section: name encoding in designer and rendered form” (491dcb69)
  • targetticket: bad constant name (48dda4f3)
  • targetticket: table structure inconsistency (ff56f3f1)
  • targetticket: table structure inconsistency (892a83c3)
  • targetticket,targetchange: tags from queestion or specific tags not saved (ec08d95e)

Features

  • prepare compatibility with PHP 8.2 (#2966) (4bb7f3c3)
  • formanswer,issue: show title in navigation header (1878e4b0)
  • kb: preselect see all categorie (1b669d4f)

Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.

New GLPI version 10.0.3

A new GLPI version is available.

This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!

You can download the GLPI 10.0.3 archive on GitHub.
Exceptionally, as we have critical security issues that affects GLPI 9.5, we also release a GLPI 9.5.9 archive.

You’ll find below the list of security issues fixed in this bugfixes version:

  • XSS through registration API (CVE-2022-35945)
  • Leak of sensitive information through login page error (CVE-2022-31143)
  • Stored XSS through global search (CVE-2022-31187)
  • Command injection using a third-party library script (CVE-2022-35914)
  • SQL injection through plugin controller (CVE-2022-35946)
  • Authentication via SQL injection (CVE-2022-35947)
  • Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)

Also, here is a short list of main changes done in this version:

  • More precise rights checks on inventory (#12610)
  • Display of last inventoried value for locked fields (#12602)
  • Permit to use rules to add computers as virtual machines (#12572)
  • Delegate session cookies security to sysadmin (#12302)
  • Prevent collector failure on invalid mail header (#12232)
  • Many fixes on network inventory

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

New silver partner : ANC Technology Services S.A (Amvix)

We are happy to announce our new silver partner in Costa Rica – ANC Technology Services S.A (Amvix).

ANC Technology Services S.A (Amvix) is a company with more than 14 years of experience in the market. They are specialized in OpenSource technologies for the implementation of network, security, Internet and CRM solutions.

They provide support in preventive management, consulting and infrastructure scaling. They approach the business opportunities offered by new computing technologies.

Among many solutions, ANC Technology Services S.A (Amvix) offers:

  • Consulting and Advisory.
  • Installation and configuration of Linux servers.
  • Desktop and application virtualization.
  • Technical support.

Websitehttp://www.amvix.com/

We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/

Formcreator 2.13.0 – final release!

This version is compatible with GLPI 10 only.

documentation review and updates

Bug Fixes

  • cannot delete a ticket from service catalog (acec9bb8)
  • abstractitiltarget: alternative email lost if no requester user (78fd8450)
  • abstracttarget: uuid should not be updated (b1e492d3)
  • checkboxesfield: avoid HTML br tag (c3a60bbb)
  • condition: compatibility with Advanced forms validation (6685b943)
  • descriptinfield: conversion to target requires escaping (b79cfa95)
  • filefield: mandatory check may cause exception (3f711a54)
  • form: PHP warning (844ef96c)
  • form: bad URL when using advanced form validation plugin (adb9fba5)
  • formanswer: grid style updated for current version of gridstack (85b6a686)
  • formanswer: select inherited class if needed (955dc969)
  • formanswer: update gridstack css (70deaa06)
  • glpiselectfield: missing entity restrict (40c9ab73)
  • install: prevent useless warnings (001d12f5)
  • install: use modern settings for tables (f04e4181)
  • issue: remove duplicate item in status dropdown (27f9f313)
  • ldapselectfield: log LDAP error instead of showing it to user (e170dc6f)
  • ldapselectfield: no translation for items (d170c79c)
  • targetticket: prevent exception in inconsistent target ticket (ba6ed88e)
  • textarea: on change event broken (9fb70edb)
  • textarea: rn chars added between lines (66571b80)
  • textarea, entityconfig: embedded image question description (#2901) (0d78db1a)
  • textareafield: embedded image upload broken (d58075cd)
  • textareafield: missing escape before compare (ba78e935)

Features

  • formanswer: order formanswers by date desc (7fdeda51)
  • ldapselectfield: lazy loading (bffcb5b7)

Help / Contribution needed
Locales updates: Some languages don’t have maintainer, or are late (many untranslated content). Please contribute on Transifex.

Check the changelog & download

YK Pao School 

YK Pao School 

Colin Chen, Director of Technology:

“One of the handy function I found with GLPI is that the asset association with users, it’s very useful when users can connect with their own device when they try to submit a ticket”.

GLPI SUCCESS CASES

YK Pao School

About the company

YK Pao School is a pioneering international Chinese school. The school is a private non-profit institution founded in 2007, in memory of shipping magnate Sir Yue-Kong Pao, the renowned Chinese businessman, statesman and philanthropist.

With around 1600 students from China and overseas, the school offers a unique Year 1-12 educational programme that integrates elements of Shanghai and international curricula, culminating with the IGCSE and IB Diploma programmes, both of which are complemented by core components of the Shanghai curriculum.

Challenge

GLPI helped us to quickly build up the IT Asset management system and the out-of-box solution for ticket management. The highlight function of AD integration is very important if you want to quickly build a solution for everyone in the organization. One of the handy function I found with GLPI is that the asset association with users, it’s very useful when users can connect with their own device when they try to submit a ticket.

Requirments

We use Asset Management the most, it has been super helpful since 0.85 with the Dashboard plugin. We also use the Helpdesk/Change – Problem Management feature. Financial management was integrated with Asset management, this is also important when you want to develop a long-term strategy for your asset management.

GLPI solution

Colin Chen, Director of Technology: “It was way back when I was at university, I was interesting in open source solutions and GLPI was the leading platform for IT Asset and Ticket management.

The first version I tried I guess should be 0.7x. At YK Pao School GLPI helped us to quickly build up the IT Asset management system and the out-of-box solution for ticket management.

The highlight function of AD integration is very important if you want to quickly build a solution for everyone in the organization. One of the handy function I found with GLPI is that the asset association with users, it’s very useful when users can connect with their own device when they try to submit a ticket”.

 

Try all features on GLPI Network Cloud

Any questions? Get in touch with us!

New Silver Partner: KING ICT

We are happy to announce our new silver partner in Croatia – KING ICT.

KING ICT is a system integrator specialized in advanced ICT solutions that positively influence business and society. Based on new technologies, the cloud and mobile first principle, they create innovative enterprise solutions.

They facilitate operations and create added value for their clients, driven by the desire to jointly build a connected and digital future. Their clients come from different branches, such as transport, energy, agriculture, health care, education, judiciary, trade, finance, and telecommunications.

Among many solutions, KING ICT offers:

• Application Development & Management;
• Business Applications & Consulting;
• Modern IT Infrastructure;
• Cyber Security;
• IT Services & Workplace Management;
• Physical Security Systems.

Website: https://king-ict.com/

We are excited that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: https://glpi-project.org/contact/

Being a partner means:

  • Having an a direct access to the Teclib´s tech expertise;
  • Get special discounts;
  • Access official support,
  • Many other tools which will help you to gain more customers and increase reputation on the market by adding open source ITSM to your portfolio.

Discover all benefits of being a partner here: https://glpi-project.org/partners/

Discover new interface of GLPI 10!

In a few weeks we will launch the first beta version of GLPI 10.
We are working on the last technical elements and preparing the release of compatible plugins on the Marketplace.

One of the biggest news of this version is a major overhaul of the interface and the user experience. The latest redesign since version 0.90 was done in October 2015.

Based on tabler, Bootstrap 5 and Twig, it brings many visual changes.

The integration of these standard libraries will make it easier to develop new interfaces and above all brings a “responsive” display mode that is easier to maintain.

Here are some screenshots to give you an overview of the upcoming changes.

Ecran de login
Liste des ordinateurs
Vue responsive

Beyond the change in design, we are making a number of user experience improvements, here is the list of key points:

Vertical menu

As you have noticed on the previous screenshots, GLPI now offers by default a layout with a vertical menu. It is still possible to switch to a layout similar to previous versions (named Horizontal) in user settings.

Disposition principale de GLPI

In the new layout it is possible to collapse the menu to have a compact display.

Button “Go to…”

Available since version 9.2 the “Go to” feature which allows a quick search of a menu is now highlighted and can be discovered on top of the menu.

Menu Goto

The park equipment now has a panel on their right side where you can click on the images attached.

“Saved search” panel

The “saved search” panel now integrated into GLPI design.
You can set it floating, or pinned to pages (to be kept permanently (even after browsing)).

Pinning is done page by page, e.g. a panel pinned to “tickets” will not be pinned to computers.

Note that now you can find it in the first tab, the saved searches corresponding to the type of object: list of tickets will be displayed according to priority of saved searches.

Second tab lists all other searches concerning other types of objects.

As the panel is now contextual to the type of object presented, you can access it via an icon named “Lists” placed next to the breadcrumb trail.

Recherches sauvegardées

Invisible search engine

It is now possible to deactivate the display of the search engine.

You can navigate in GLPI only using saved searches!

Dynamic loading of search results

The search engine display is now launched in “AJAX” mode. A loading icon is displayed when a search is launched, page changes or sorting is in process. Once new results are available, only the content is replaced and not the entire page.

Multi-sorting of results

With a “ctrl” you can add several sorting modes to the columns of your search results.

Example: sort by “Name” and by “Modification date”.

Tri multiple

Page of park elements.

The main element form now displays a panel on the right displaying the images associated with the corresponding model.
These images could be previously accessed only in the display part of data center racks, now they are available everywhere.

fiche d'un ordinateur

Redesign of ITIL objects

Display and use of ITIL objects (Tickets, Problems and Changes) are thoroughly reviewed.

Refonte des objets ITIL

Many changes were made:

  • The order of messages in the “timeline” now goes from the oldest to the most recent, starting from top to bottom, following a usual reading order. New answer now placed below the last one.
  • A side panel contains the additional information of tickets (dates, priority matrix, actors, etc.). This panel can be temporarily enlarged. We also group by these changes the main tabs and “timeline” within the same view.
taille du panneau droit des tickets
  • Documents added to the timeline are now displayed below the parent object (tracker, task) in a contextual way for easier reading.
documents dans leur contexte
  • Each of the types of actors (requesters, observer and assigned) are now displayed in a single field. Previously, several clicks were required to select a group or a user and then choose the final actor. It is now a single drop-down list unifying all possible objects (differentiating them with an icon) and providing autocompletion.
champ acteur
  • A button at the bottom of the main view allows you to switch to a “TODO list” view displaying the tasks and validation requests in an interactive vertical list, allowing you to follow the progress of a ticket (or another ITIL object)
Vue TODO

New colors

With the arrival of new libraries tabler and Bootstrap 5, it is now much easier to create and modify GLPI palletes.

Here is an example of one corresponding to the capture below:

2 new dark palettes:

  • Auror dark palette Auror dark
  • Midnight palette Midnight