by Daniela Buxo | Jun 28, 2022 | News
A new GLPI version is available.
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You can download the GLPI 10.0.2 archive on GitHub.
Exceptionally, as we have a critical security issue on an unauthenticated page, we also release a GLPI 9.5.8 archive.
You’ll find below the list of security issues fixed in this bugfixes version:
- Unauthenticated SQL injection on login page (CVE-2022-31061)
- SQL injection on actor part in assistance forms (CVE-2022-31056)
- Unauthenticated Sensitive Data Exposure on Refused Inventory Files (CVE-2022-31068)
Also, here is a short list of important bugfixes done in this version:
- FIX adding actors to ITIL Objects (#11796, #11957)
- FIX unwanted “promote to ticket” feature on self-service interface (#11834)
- FIX native inventory do not inject switch information (#11864)
- FIX entity for software creation (#11887, #11837)
- FEAT permits global lock on entity (#11853)
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
by Daniela Buxo | Jun 20, 2022 | News
You’re encouraged to upgrade your GLPI agents or migrate if you’re still using FusionInventory agents.
You can download it on the GLPI Agent github project:
https://github.com/glpi-project/glpi-agent/releases/tag/1.3
This release includes some fixes and enhancements. Here are the most important ones:
- we implemented a feature request from the community to support SSL server certificate of the GLPI server deployment with operating system deployment feature:
- on windows, the glpi server certificate can be deployed through the enterprise keystore,
- on macosx, the glpi server certificate can be deployed in system keychain through a MDM.
- we added the support of the new ‘ssl-fingerprint’ option and it permits to trust a GLPI server certificate without the need of deploying a certificate:
- you can first enable one time the ‘no-ssl-check’ option on one agent to find the related ssl fingerprint reported in agent log,
- then you can set the discovered value for all your agents and disable ‘no-ssl-check’ on the first one.
- the windows MSI packaging is now using Perl 5.36.0 and includes some fixes and improvements:
- as it was wrongly creating firewall rules, this is fixed and wrong rules are removed,
- few libraries was missing if you wanted to use SNMPv3 authentication during network discovery or inventory,
- the installer was failing to create the windows task when you wanted to use windows task scheduling,
- few configurations was not possible during silent installation.
- the MacOSX packages has been upgraded to use Perl 5.36.0, OpenSSL 3.0.3 & zlib 1.2.12 and the installation on APFS filesystem has also been fixed.
- for linux packaging, we have also few big improvements:
- AppImage support for older linux like CentOS 7,
- AppImage uninstallation process has been improved,
- Snap packaging has been upgraded to use Perl 5.36.0,
- perl linux installer has been enhanced to support installation on openSUSE.
- For inventory task, we integrated:
- a patch from the community which can fix monitor inventory on linux,
- an Oracle database inventory support update,
- an update to avoid false positive antivirus alert during software inventory on windows,
- a fix on JSON format support to avoid wrongly encoded strings on macosx,
- a fix against a JSON validation error while monitor serial is an integer,
- a fix on generated partial inventory as the ‘partial’ property was missing,
- an update for additional-content option support while using JSON format.
- RemoteInventory task has been improved so remote ssh inventory of linux/unix platforms can fallback on ssh command calls when libssh2 is not available.
- Netdiscovery and NetInventory tasks now includes a module from the community which enhances DefensePro support.
As always, you can check the more detailed changelog at:
https://github.com/glpi-project/glpi-agent/blob/1.3/Changes
by Daniela Buxo | Jun 3, 2022 | News
Here is the first bugfixes release for GLPI 10.
You can download the archive on GitHub.
A lot of issues have been fixed since the first GLPI 10 version.
Below you will find a short list of key points of this release:
- Several fixes on inventory rules
- Several fixes for reservation feature
- Fix status change in assistance objects when modifying actors
- Fix preselection as requester in assistance object
- Add global locks management for inventory
- Re-implementation of the document addition action in assistance object
- Impersonate feature now displays hints if unavailable
- Updates with GLPI console can now check integrity of the database
- The GANTT feature has been moved to a plugin
- The GLPI licence has been moved to GPLv3+
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!
Regards.
by Polina Marishicheva | Dec 18, 2019 | Blog, En bref
Après plusieurs semaines de développement, Teclib’ a le plaisir de vous annoncer la sortie de GLPI version 9.4.5.
L’archive de GLPI version 9.4.5 est disponible sur GitHub.
Vous trouverez ci-dessous la liste des changements les plus importants de cette version corrective :
- Les PDU sont maintenant associables aux tickets
- Corrections de plusieurs problèmes autour du moteur de recherche
- Correction de l’import des groupes LDAP
- Correction du lien sur les objets ITIL en fonction de leur statut
- Correction d’un problème de casse à la synchronisation des emails depuis Active Directory
- Et bien plus !
Voir le journal des changements complet pour plus de détails.
Nous remercions toutes les personnes qui ont contribué à cette nouvelle version et plus généralement toutes celles et ceux qui soutiennent régulièrement le projet GLPI.
Pour rappel, nous avons recemment lancé le service GLPI Network Cloud.
Si vous avez besoin d’une démonstration gratuite et personnelle ou d’une instance avec les plugins supportés par GLPI-Network, visitez glpi-network.cloud.
by Polina Marishicheva | Aug 22, 2019 | Announcements
Formcreator plugin for GLPI is a plugin which allows to create custom forms of easy access and also one or more tickets or changes when the form is filled. Today we are happy to announce the release of Formcreator plugin version 2.8.4
Want to know more about how it works? Find the answer in our blog post.
Bug Fixes
* dropdownfield: restrict item types assignable to ticket
* dropdownfield: unwanted single quote escaping when rendering target ticket
* form: anonymous forms don’t load JS
* form: duplicate question conditions
* form: import of form category with single quote
* formanswer: better restrict list of formanswers
* formanswer: more permissive READ access to formanswers
* glpiobject: make items searchable easier
* install: useless columns in schema of fresh installation
* install: database schema inconsistencies between install and upgrade
* install: inconsistency between install and upgrade
* install: move columns in some tables
* install: possible upgrade issue
* install: upgrade to 2.7 misses range for select and text area
* integerfield, floadfield: avoid integrity checks in parse AnswerValue
* issue: missing status for all statuses
* locales: drop unwanted file
* question: handle cascaded show/hide conditions
* selectfield: select field cannot support range
* tagfield: show in saved answers the tag names
* tags: bad tag filter when selecting tags for target ticket
* target_actor,change_actor: fix duplication
* targetticket: fix tags handling
* targetticket,targetchange: fix not rendered fields
* targetticket,targetchange: remove HTML code tag
* targetticket,targetchange: remove more code tags
* wizard: form categories may show when they are empty
* wizard: inconsistency between helpdesk and service catalog
Features
ldapfield: allows to create conditions to show questions or not depending on the content of another question of LDAP type
Download: click the link.
