GLPI Release 10.0.15

A new GLPI version is available.

This release fixes a few security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.15 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

  • Authenticated SQL injection from map search (CVE-2024-31456)
  • Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)

Also, here is a short list of main changes done in this version:

  • Fix used right by reservation form.
  • Do not rely on input to apply rules rights.
  • Always store updated SMTP Oauth refresh token.
  • Upgrade tinymce.

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

Stay connected! Follow us on our social media platforms!

Migration to GLPI 10: FAQ

At Teclib´ we are happy to announce that we are expecting the release of GLPI 10 in the following weeks. We have received many questions related to migration from older versions of GLPI/compatibility of plugins and decided to publish a dedicated video. Watch it on Youtube or read the transcription below.

  1. From which GLPI version I can migrate to GLPI 10?  

You can migrate to version 10 from any GLPI version (we support migrations from at least 0.80 version), all data, like users, tickets or assets, will be transferred. 

  1. What should I consider before migration? Which data can be lost in migration?  

The server must have at least PHP 7.4 and MySQL 5.6 dependencies. If your server doesn’t have these, you must upgrade these requirements. 

No data loss is expected, but as usual, make backups (files and database) and/or snapshots. 

You will need to execute some optional migrations after GLPI main update with the help of the console. 

If you have custom developments or core changes, please note they will be erased when copying the files. Consider porting them before the migration. 

  1. Which plugins will be compatible with GLPI 10?  

All plugins listed in GLPI Network Subscriptions (both Community and Exclusive ones) will be compatible with GLPI 10.  

Check https://plugins.glpi-project.org/#/version/~~10.0.0/plugins for a community based list. 

  1. What advantages has native inventory? 

In addition to the small gain of not using a plugin, the feature will use less history data and database storage (for example, software updates take 1 line instead 2). 

We worked also on user experience, you have now assets separated by types for a more comfortable setup. 

It unlocks some features like partial inventories, which reduces performances footprint.  

More asset types are available for inventory (you can send files for racks, appliances, certificates, etc). 

In combination with GLPI agent, you also obtain some great features: 

  • Databases inventory 
  • Proxy mode for DMZ  
  • Remote inventory (agentless) for windows and linux. 
  • Stand-alone SNMP tasks 

Our professional support for on-premise (GLPI Network Subscriptions) covers support L.3 for migration from GLPI 9.5 to GLPI 10. 

All GLPI Network Cloud paid customers will be upgraded for free. 

GLPI 10.0.0-rc2

Major features:

New Modern interface with Bootstrap + tabler.io + Twig

Redesign of the timeline of Helpdesk objects

Native automatic inventory

Refresh of GANTT and reservations view

Kanban in helpdesk list

See full changelog for detail.

Many things has changed since the release of GLPI 10.0.0-rc1, including:

  • Fix models creation (#10753)
  • Fix global search view (#10674)
  • Fix map search view (#10657)
  • Fix validation form in Approvals tab (#10509)
  • Fix cable asset endpoint dropdown (#10713)
  • Fix browsers notification (#10612)
  • Fix race condition on cache operations (#10650)
  • Fix dropdown/entity form (#10572)
  • Fix devices header links (#10552)
  • Fix editing task from planning (#10139)
  • Fix category dropdown in simplified interface (#10591 #10597)
  • Fix Knowledge base display (#10533)
  • Fix entity of tickets created from simplified interface (#10550)
  • and many more!

See rc1 to rc2 changelog for detail.

Report bugs: https://github.com/glpi-project/glpi/issues