GLPI Agent 1.7

by | Dec 21, 2023 | Blog, News

GLPI Agent 1.7 has been released.

You’re encouraged to upgrade your GLPI agents or migrate if you’re still using FusionInventory agents.

You can download it on the GLPI Agent github project: https://github.com/glpi-project/glpi-agent/releases/tag/1.7

Here is a summary of the most important changes of the 1.7 version:

  • some important fixes have been made on ToolBox plugin in relation with NetDiscovery and RemoteInventory tasks:
    • the defined timeout will only apply on connection tries during discovery where the agent backend-collect-timeout configuration will apply on the inventory
    • a possible locking issue while running the discovery has been fixed
    • we updated the way we define the “Agent Folder” local target in inventory tasks configuration to have a more appropriate sens when the agent is running as a service
    • an issue blocking the submission of JSON remote inventory was fixed
  • for NetDiscovery and NetInventory tasks, we also have:
    • an enhanced support of Toshiba printers
    • a fix related to the support of LLDP connection datas analysis
  • for ToolBox plugin, we also fixed the export button on the results page
  • the RemoteInventory task also includes:
    • a fix for the inventory of softwares from a windows remote with a windows agent
    • a fix for computer FQDN and domain inventory
    • an update to support timezone inventory
    • an update to support printer inventory via ssh using perl mode
    • a fix for an error preventing ssh inventory because of a wrong option in the “ssh” mode
  • the ESX task has been fixed to work as expected with the GlpiInventory plugin without living the job in a “ko” status with just “n/a” as description while the inventory is still normally integrated
  • the Inventory task has received few improvements:
    • the support of SentinelOne antivirus on linux. It was implemented by a community contributor, many thanks to him !
    • the assetname-support option has been updated to authorize forcing the asset name with its FQDN on linux. Also that option also changes the computing of the agent name in the same way.
    • a fix related to the inventory of network cards on linux
    • an update to find the wifi card network speed on linux
  • the MacOSX package has been udpated to use OpenSSL 3.2.0
  • the Apple AppID for the MacOSX package has been updated
  • the 1.6 and 1.6.1 linux perl installers had a problem generating an error during agent update and this is now fixed
  • to optimize the running time while using a server url with SSL support, we decided to no more try to export the ssl key store if any of the options providing SSL server certificate authentication is still used

As always, you can check the more detailed changelog at: https://github.com/glpi-project/glpi-agent/blob/1.7/Changes

About the MSI windows installer, it appears the used perl version is now completely outdated and requires a very big update. This essentially concerns the OpenSSL and libssh2 libraries, the last been used for remote inventory. As we use StrawberryPerl and this project decided to no more support the 32 bits perl version, we decided the 1.7 version will be the last to provide GLPI Agent in 32 bits. This perl update will be the main goal of the next 1.8 version.

Formcreator 2.13.7

by | Aug 30, 2023 | Blog, Formcreator, News

This version is compatible with GLPI 10.0.

 

⚠️ This release requires some bugfixes in GLPI to work properly. These bugfixes are included in GLPI 10.0.9 or later. Please, ensure your GLPI is up to date to prevent useless bug reports.

 

Bug Fixes

 

  • Adding READ right for display reservations menu tab (03e6281e)
  • bad lcoale in en_US (db9986f1)
  • resize dashboard to match GLPI’s core (#3306) (9272cda3)
  • TargetChange: use RichText instead of plaintext (8845b888)
  • checkboxesfield,radiosfield,selectfield: add missing error messages (66585193)
  • datefield, datetimefield: comparison against empty string (be4831c7)
  • dropdownfield: SQL error for GLPI objects / tickets and some specific rights (2539e366)
  • dropdownfield: handle specific case with Entity itemtype (bd25e7d1)
  • dropdownfield: missing entity restriction setting (54543cb3)
  • dropdownfield: prevent language switching and log error (49f8fc07)
  • fieldsfield: restore mandatory field as read only (52a9fc2b)
  • form,category: obey show count on tabs parameter (f4ebf9e5)
  • form_language: obey show counter in tab setting (9dfc3b8d)
  • formanswer: php warning (ce078990)
  • formanswer: prevent silent rejection of answers (d630302d)
  • formanswer: redirect to login if session expired (eb0acb65)
  • glpiselectfield: fix namespace (#3287) (613e0fad)
  • install: missing row in sql query, causing PHP warning (0c47776a)
  • issue: php warnings when anonymisation enabled (f6f01d7d)
  • issue: prevent fatal error in tooltip (3419affc)
  • question,section: duplicate a question or section must duplicate inner conditions (22597832)
  • section: cannot rename section twice (7bbb9b81)
  • section: condition rule loss after duplicate / import (883a1227)
  • section: duplicate form may lead to bad question id in condition (a6f9c41c)
  • section: rename section impacts display of inner questions (c4277d8c)
  • selectfield,multiselectfield: fix possible encoding problem (8aaec8ac)
  • targetchange,targetproblem: folow method call signature for fields plugin (016696ab)
  • textfield: Unescaped HTML when displaying a form answer (6ce71f95)
  • textfield: exception while displaying counters (0a857d7f)
  • textfield: target ticket title need html encoding (1b71d652)

 

Full changelog and downloadclick here

GLPI 10.0.7 is available!

by | Mar 28, 2023 | News

New version GLPI 10.0.7: A new GLPI version is available.

This release fixes several security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.7 archive on GitHub.
We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it: GLPI 9.5.13 archive

You will find below the list of security issues fixed in this bugfixes version:

  • SQL injection and Stored XSS via inventory agent request (CVE-2023-28849).
  • Account takeover by authenticated user (CVE-2023-28632).
  • SQL injection through dynamic reports (CVE-2023-28838).
  • Stored XSS through dashboard administration (CVE-2023-28852).
  • Stored XSS on external links (CVE-2023-28636).
  • Reflected XSS in search pages (CVE-2023-28639).
  • Privilege Escalation from technician to super-admin (CVE-2023-28634).
  • Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).

Also, here is a short list of main changes done in this version:

  • Optional GLPI router to be able to use a safer web server root directory.
  • Support of SMTP OAuth authentication.
  • Improved inventory file upload feature.
  • Many fixes and improvements on native inventory.
  • Some bugs on PHP 8.2.
  • Caching issues on entities.
  • Boolean FullText operator not working on knowledge base search.
  • Unexpected search results when using negative condition on ticket actors.
  • Issues with LDAP filters/DN.
  • Unexpected results when searching on knowledge base categories.

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Download GLPI now: https://glpi-project.org/downloads/

Regards.

GLPI 9.5.x will be discontinued

by | Feb 27, 2023 | News

Dear GLPI Community!

We would like to announce that official support for GLPI 9.5.x will be discontinued on 30.06.2023. Starting from the 1st of July 2023 (3 years after the first launch of this version) we will have to say goodbye –  there will be no new releases 9.5.x.

It is mandatory to migrate to GLPI 10.0.x in order to be covered by official support. 

How-to MIGRATE:

—OPTION 1: You can do the migration via official partners-integrators (if you have a valid GLPI Network Subscription); or

—OPTION 2: If you choose GLPI Network Cloud, we offer a free data migration from on-premise for everyone.

We ask you to communicate the upcoming changes to your customers and finish migrations before 30.06.2023. 

Thank you! 

New Formcreator 2.13.4 is available!

by | Jan 25, 2023 | News

This version is compatible with GLPI 10.0.

Upgrade from 2.13.0 or later

A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:

The database schema is not consistent with the installed Formcreator 2.13.0. 
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator

It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.

ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.

bin/console glpi:plugin:install formcreator -f -p skip-db-check

Bug Fixes

  • handle undefined setting for service catalog homepage (411ae3597)
  • typo in french locale (f61ded17a)
  • abstractitiltarget: multiple tag questions set but not displayed in designer (90f2a95d8)
  • checkboxesfield,multiselectfield: default value not displayed (8f36ab726)
  • composite: ignore link to non existing ticket (8502d4b16)
  • condition: allow longer texts (eecdf8a2a)
  • condition: display of tested question shows wrong item (5d34da8b4)
  • condition: width of question dropdown (ce0389efd)
  • dropdownfield: empty SQL IN statement when restricted tickets rights (5c5244a85)
  • form: image upload handling in header field (5dc66a5ef)
  • formanswer: default search filter hides legit access (2dc9f8e3f)
  • formanswer: malformed search option (5339b7912)
  • formanswer: missing newline between sections of fullform tag (61122bc93)
  • formanswer: temporary disable debug mode (e9e8da484)
  • formanswer, textfield, textareafield: escaping (3e0666d4d)
  • glpiselectfield: cannot set empty value by default for entity question (fe2130bbe)
  • glpiselectfield: restore entity restriction for users (e525b3a82)
  • helpdesk: better handling of users that can’t see tickets (a93f03126)
  • install: add empty schema for new version (817a9ec7e)
  • install: resync not needed in upgrade to 2.13.4 (d66a12017)
  • install: typo in method name (eac5d77ac)
  • issue: follow entity change on ticket transfer (434bd3572)
  • issues: Tooltip consistency with core (c45d21550)
  • question: subtype plural and appliance in bad group (1f780370a)
  • tagfield: php warning (cc4b673a8)
  • targetticket: allow more itemtypes to associated elements (#3155) (cee504c24)
  • textfield: useless HTML entity encode (c3d03b51e)

Features

  • drop support for GLPI 10.1 (a99a8bcb2)
  • dropdownfield: always show ticket id (0190adac9)
  • issue: access tickets from service catalog (a6b4f19d0)
  • question: add support for database sub itemtype (45126012d)
  • wizard: selectable home page in service catalog (95103fe54)

Check the changelog and download