⚠️ This release requires some bugfixes in GLPI to work properly. These bugfixes are included in GLPI 10.0.9 or later. Please, ensure your GLPI is up to date to prevent useless bug reports.
Bug Fixes
Adding READ right for display reservations menu tab (03e6281e)
New version GLPI 10.0.7: A new GLPI version is available.
This release fixes several security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.7 archive on GitHub. We still maintain maintain the 9.5 branch for security fixes and we also release a new version for it: GLPI 9.5.13 archive
You will find below the list of security issues fixed in this bugfixes version:
SQL injection and Stored XSS via inventory agent request (CVE-2023-28849).
Account takeover by authenticated user (CVE-2023-28632).
SQL injection through dynamic reports (CVE-2023-28838).
Stored XSS through dashboard administration (CVE-2023-28852).
Stored XSS on external links (CVE-2023-28636).
Reflected XSS in search pages (CVE-2023-28639).
Privilege Escalation from technician to super-admin (CVE-2023-28634).
Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).
Also, here is a short list of main changes done in this version:
Optional GLPI router to be able to use a safer web server root directory.
Support of SMTP OAuth authentication.
Improved inventory file upload feature.
Many fixes and improvements on native inventory.
Some bugs on PHP 8.2.
Caching issues on entities.
Boolean FullText operator not working on knowledge base search.
Unexpected search results when using negative condition on ticket actors.
Issues with LDAP filters/DN.
Unexpected results when searching on knowledge base categories.
We would like to announce that official support for GLPI 9.5.x will be discontinued on 30.06.2023. Starting from the 1st of July 2023 (3 years after the first launch of this version) we will have to say goodbye – there will be no new releases 9.5.x.
It is mandatory to migrate to GLPI 10.0.x in order to be covered by official support.
How-to MIGRATE:
—OPTION 1: You can do the migration via official partners-integrators (if you have a valid GLPI Network Subscription); or
—OPTION 2: If you choose GLPI Network Cloud, we offer a free data migration from on-premise for everyone.
We ask you to communicate the upcoming changes to your customers and finish migrations before 30.06.2023.
A database sanity check is done before running the upgrade. If the tables of the plugin have a difference with the expected schema the upgrade will fail with a message similar to the following:
The database schema is not consistent with the installed Formcreator 2.13.0.
To see the logs enable the plugin and run the command bin/console glpi:database:check_schema_integrity -p formcreator
It is required to fix the database, using the diff produced by the CLI command given in the message. Once done, try again to upgrade.
ℹ️ If you know what you are doing you may bypass the sanity check from CLI with the following command.
In a few weeks we will launch the first beta version of GLPI 10. We are working on the last technical elements and preparing the release of compatible plugins on the Marketplace.
One of the biggest news of this version is a major overhaul of the interface and the user experience. The latest redesign since version 0.90 was done in October 2015.
The integration of these standard libraries will make it easier to develop new interfaces and above all brings a “responsive” display mode that is easier to maintain.
Here are some screenshots to give you an overview of the upcoming changes.
Beyond the change in design, we are making a number of user experience improvements, here is the list of key points:
Vertical menu
As you have noticed on the previous screenshots, GLPI now offers by default a layout with a vertical menu. It is still possible to switch to a layout similar to previous versions (named Horizontal) in user settings.
In the new layout it is possible to collapse the menu to have a compact display.
Button “Go to…”
Available since version 9.2 the “Go to” feature which allows a quick search of a menu is now highlighted and can be discovered on top of the menu.
The park equipment now has a panel on their right side where you can click on the images attached.
“Saved search” panel
The “saved search” panel now integrated into GLPI design. You can set it floating, or pinned to pages (to be kept permanently (even after browsing)).
Pinning is done page by page, e.g. a panel pinned to “tickets” will not be pinned to computers.
Note that now you can find it in the first tab, the saved searches corresponding to the type of object: list of tickets will be displayed according to priority of saved searches.
Second tab lists all other searches concerning other types of objects.
As the panel is now contextual to the type of object presented, you can access it via an icon named “Lists” placed next to the breadcrumb trail.
Invisible search engine
It is now possible to deactivate the display of the search engine.
You can navigate in GLPI only using saved searches!
Dynamic loading of search results
The search engine display is now launched in “AJAX” mode. A loading icon is displayed when a search is launched, page changes or sorting is in process. Once new results are available, only the content is replaced and not the entire page.
Multi-sorting of results
With a “ctrl” you can add several sorting modes to the columns of your search results.
Example: sort by “Name” and by “Modification date”.
Page of park elements.
The main element form now displays a panel on the right displaying the images associated with the corresponding model. These images could be previously accessed only in the display part of data center racks, now they are available everywhere.
Redesign of ITIL objects
Display and use of ITIL objects (Tickets, Problems and Changes) are thoroughly reviewed.
Many changes were made:
The order of messages in the “timeline” now goes from the oldest to the most recent, starting from top to bottom, following a usual reading order. New answer now placed below the last one.
A side panel contains the additional information of tickets (dates, priority matrix, actors, etc.). This panel can be temporarily enlarged. We also group by these changes the main tabs and “timeline” within the same view.
Documents added to the timeline are now displayed below the parent object (tracker, task) in a contextual way for easier reading.
Each of the types of actors (requesters, observer and assigned) are now displayed in a single field. Previously, several clicks were required to select a group or a user and then choose the final actor. It is now a single drop-down list unifying all possible objects (differentiating them with an icon) and providing autocompletion.
A button at the bottom of the main view allows you to switch to a “TODO list” view displaying the tasks and validation requests in an interactive vertical list, allowing you to follow the progress of a ticket (or another ITIL object)
New colors
With the arrival of new libraries tabler and Bootstrap 5, it is now much easier to create and modify GLPI palletes.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
