GLPI Release 10.0.14

A new GLPI version is available.

Due to a few regressions in the last release (10.0.13), an early release is available.

You can download the GLPI 10.0.14 archive on GitHub.

Here is the list of corrections made in this version:

  • Fix assign field when suppliers assign is available
  • Switching entities issues

Regards.

GLPI Release 10.0.13

A new GLPI version is available!

This release fixes a few security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.13 archive on GitHub.

You will find below the list of security issues fixed in this bugfix version:

  • SQL Injection through the search engine (CVE-2024-27096)
  • Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
  • Stored XSS in dashboards (CVE-2024-27104)
  • Reflected XSS in debug mode (CVE-2024-27914)
  • Sensitive fields access through dropdowns (CVE-2024-27930)
  • User email enumeration (CVE-2024-27937)

Also, here is a short list of main changes done in this version:

  • Error when creating a Ticket with SLA/OLA.
  • Weekly recurrent reservations creation does not work.

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.

GLPI Release 10.0.12

A new GLPI version is available.

This release fixes a few security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.12 archive on GitHub.

You will find below the list of security issues fixed in this bugfix version:

  • Reflected XSS in reports pages (CVE-TODO)
  • LDAP Injection during authentication (CVE-2023-51446)

Also, here is a short list of main changes done in this version:

  • Regression with entity selector missing cache invalidation
  • Better handling of connection issues during LDAP synchronization
  • The entity selector gets a significant reduction in load time in some cases

The full changelog is available for more details.

We would like to thank all the people who contributed to this new version and all those who contribute regularly to the GLPI project!

Regards.

GLPI Agent 1.7.1

GLPI Agent 1.7.1 has been released.

You can download it from the GLPI Agent GitHub project: https://github.com/glpi-project/glpi-agent/releases/tag/1.7.1

Version 1.7.1 specifically fixes SSL connection problems introduced by the 1.7 update for Windows and MacOSX agents, but only when you’re using the Windows keystore or the MacOSX keychain to provide the SSL chain validation for your GLPI server.

If that is not your case, you don’t need to update to 1.7.1 after updating to 1.7.

GLPI Agent 1.7

GLPI Agent 1.7 has been released.

You’re encouraged to upgrade your GLPI agents or migrate if you’re still using FusionInventory agents.

You can download it from the GLPI Agent GitHub project: https://github.com/glpi-project/glpi-agent/releases/tag/1.7

Here is a summary of the most important changes of the 1.7 version:

  • some important fixes have been made to the ToolBox plugin in relation to the NetDiscovery and RemoteInventory tasks:
    • the defined timeout will only apply to connection attempts during discovery, whereas the agent backend-collect-timeout configuration will apply to the inventory
    • a possible locking issue while running the discovery has been fixed
    • we updated the way we define the “Agent Folder” local target in the inventory tasks configuration so that it makes more sense when the agent is running as a service
    • an issue blocking the submission of JSON remote inventory was fixed
  • for NetDiscovery and NetInventory tasks, we also have:
    • an enhanced support of Toshiba printers
    • a fix related to the support of LLDP connection data analysis
  • for ToolBox plugin, we also fixed the export button on the results page
  • the RemoteInventory task also includes:
    • a fix for the inventory of software from a Windows remote with a Windows agent
    • a fix for computer FQDN and domain inventory
    • an update to support timezone inventory
    • an update to support printer inventory via ssh using perl mode
    • a fix for an error preventing ssh inventory because of a wrong option in the “ssh” mode
  • the ESX task has been fixed to work as expected with the GlpiInventory plugin without leaving the job in a “ko” status with just “n/a” as the description while the inventory is still integrated normally
  • the Inventory task has received a few improvements:
    • the support of SentinelOne antivirus on Linux. It was implemented by a community contributor, many thanks to him!
    • the assetname-support option has been updated to allow forcing the asset name to its FQDN on Linux. That option also changes the computation of the agent name in the same way.
    • a fix related to the inventory of network cards on Linux
    • an update to find the Wi-Fi card network speed on Linux
  • the MacOSX package has been updated to use OpenSSL 3.2.0
  • the Apple AppID for the MacOSX package has been updated
  • the 1.6 and 1.6.1 Linux perl installers had a problem that generated an error during agent update; this is now fixed
  • to optimize the running time when using a server URL with SSL support, we decided to no longer try to export the SSL key store if any of the options providing SSL server certificate authentication is in use

As always, you can check the more detailed changelog at: https://github.com/glpi-project/glpi-agent/blob/1.7/Changes

Regarding the MSI Windows installer, it appears that the perl version in use is now completely outdated and requires a very big update. This essentially concerns the OpenSSL and libssh2 libraries, the latter being used for remote inventory. As we use StrawberryPerl and that project decided to no longer support the 32-bit perl version, we decided that the 1.7 version will be the last to provide GLPI Agent in 32 bits. This perl update will be the main goal of the next version, 1.8.