by Daniela Buxo | Jun 28, 2022 | News
A new GLPI version is available.
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You can download the GLPI 10.0.2 archive on GitHub.
Exceptionally, as we have a critical security issue on an unauthenticated page, we also release a GLPI 9.5.8 archive.
You’ll find below the list of security issues fixed in this bugfixes version:
- Unauthenticated SQL injection on login page (CVE-2022-31061)
- SQL injection on actor part in assistance forms (CVE-2022-31056)
- Unauthenticated Sensitive Data Exposure on Refused Inventory Files (CVE-2022-31068)
Also, here is a short list of important bugfixes done in this version:
- FIX adding actors to ITIL Objects (#11796, #11957)
- FIX unwanted “promote to ticket” feature on self-service interface (#11834)
- FIX native inventory do not inject switch information (#11864)
- FIX entity for software creation (#11887, #11837)
- FEAT permits global lock on entity (#11853)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
by Polina Marishicheva | Apr 13, 2021 | Blog, News, Unclassified
After several weeks, Teclib’ is happy to announce the release of GLPI 9.5.5.
This release fixes a security issue that has been recently discovered. Update is recommended!
You can download the GLPI 9.5.5 archive on GitHub.
You’ll find below the list of changes in this bugfixes version:
- Stored XSS in plugins information (CVE-2021-3486 by @n3k00n3)
- fix entity creation
- removal of raw html in massive actions list
- fix issue with date_creation fields updated with older instances of MySQL servers
- fix wrong count of software counts in assets
- Fix Core API errors on deprecation checks
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Looking for professional support? Check our GLPI Network Subscriptions offer or try GLPI Network Cloud.
by Polina Marishicheva | Nov 25, 2020 | Blog, GLPI releases, News
Teclib’ is happy to announce the release of GLPI 9.5.3.
This release fixes medium security issues that has been recently discovered. Update is recommended!
You can download the GLPI 9.5.3 archive on GitHub.
Here is the list of security cases detected and fixed in this version:
- Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
- Insecure Direct Object References in ajax files (CVE-2020-27662 && CVE-2020-27663)
Note that some are present since a long time (version 0.68), but this time none of these issues was considered as high/critical.
We also fixed a lot of bugs, here are important ones:
- we continue the work on stabilizing the usage of laminas/mail library:
- Attachments were not imported as documents with specific content-disposition.
- Some HTML mails were imported as text (and html was present in the description of the ticket).
- For the dashboards:
- Bars and lines graphs were animated not correct inn recent versions of chromium based browsers.
- Default pages for users without dashboard were empty.
- Adding some missing filters: tech users and tech groups.
- Misc:
- A new cli command to set GLPI configuration values.
- Response time on personnal tab of index is now improved.
- PHP8 compatibility.
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
by Polina Marishicheva | Oct 7, 2020 | Blog, GLPI releases, News
After several weeks, Teclib’ is happy to announce the release of GLPI 9.5.2.
This release fixes several security issues that has been recently discovered. Update is strongly recommended!
You can download the GLPI 9.5.2 archive on GitHub.
Here is the list of security flaws detected and fixed in this version:
- SQL injection with a query parameter of user form (CVE-2020-15176)
- Removal of
.htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
- Leakage issue with knowledge base (CVE-2020-15217)
- Stored XSS in install script (CVE-2020-15177)
- Minor SQL Injection in
Search API (CVE-2020-15226)
Note, some are present since a long time (0.68).
We also fixed a lot of issues, here are important ones:
- mailgates issues:
- encoding errors
- missing images in some tickets
- exceptions for some particular messages
- a small notice (
listTables) was visible while updating to 9.5.1.
- in some rare cases, the encryption process of passwords could fail
- For the dashboards:
- fix user preferences
- fix overlap of mini dashboard above tickets list
And we worked on improving the dashboards:
- new summary widget
- new articles widget
- display labels on point and bar (with a new available option)
- cards have now a minimum size
- we added personnal filters. Toggle edit mode, and add filters on top of dashboards.
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
by Polina Marishicheva | Jul 16, 2020 | Blog, GLPI releases, News
After several days, Teclib’ is happy to announce the release of GLPI 9.5.1.
This release fixes a security issue that has been recently discovered. Update is strongly recommended.
You can download the GLPI 9.5.1 archive on GitHub.
You’ll find below the list of changes in this bugfixes version:
- SQL injection on new clone feature
- alignment of some table columns
- added domains in global search and Assets > global
- fixed several problems with email retrieval via email collectors
- fixed several display problems in the planning
- correction (and error display) of marketplace registration key input
- and others.
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
