Releases: glpi-project/glpi
10.0.0-rc3
GLPI 10.0.0-rc3
Major features:
- New Modern interface with Bootstrap + tabler.io + Twig
- Redesign of the timeline of Helpdesk objects
- Native automatic inventory
- Refresh of GANTT and reservations view
- Kanban in helpdesk list
See changelog for detail.
Many things have changed since the release of GLPI 10.0.0-rc2, including:
- begin to work on PHP 8.2 support (#10975)
- issues on network ports metrics (#10987)
- agent should be linked to computers only (#10819)
- rework inventory logs (#10997, #11020)
- fix IPNetwork inventory (#10983)
- fix predefined fields in selfservice (#10886)
- permits to reach actors loading from template when opening new ticket (#10950)
- and many more!
See rc2 to rc3 changelog for detail.
10.0.0-rc2
See rc1 to rc2 changelog for detail.
10.0.0-rc1
See beta to rc1 changelog for detail.
9.5.7
This is a security release, upgrading is recommended
Non-exhaustive list of changes:
- [SECURITY] SQL injection using custom CSS administration form [CVE-2022-21720]
- [SECURITY] Reflected XSS using reload button [CVE-2022-21719]
- FIX missing mail headers in mail collector rules engine (#10337)
- FIX infinite loop when collecting mail attachments with the same name (#9667)
- FIX zero height images in mail collector (#10109)
- FIX duplicate ranking when rules are ordered (#9888)
- FIX anonymous ticket creation (#10320)
- FIX project cloning (#9964)
- and more!
See changelog for details.
10.0.0-beta
Major features:
- New Modern interface with Bootstrap + tabler.io + Twig
- Redesign of the timeline of Helpdesk objects
- Native automatic inventory
- Refresh of GANTT and reservations view
- Kanban in helpdesk list
See changelog for detail
9.5.6
This is a security release, upgrading is recommended
Non-exhaustive list of changes:
- [SECURITY] Disclosure of GLPI and server information in telemetry endpoint [CVE-2021-39211]
- [SECURITY] Autologin cookie accessible by scripts [CVE-2021-39210]
- [SECURITY] Bypassable CSRF protection on ajax endpoints [CVE-2021-39209]
- [SECURITY] Bypassable IP restriction on GLPI API using custom header injection [CVE-2021-39213]
- FIX Mailgate "Missing type for Ticket template" warning
- FIX Display of images in tickets from collected mails
- FIX Encoding issue with emails in GB2312 containing special characters
- FIX Emails rules not working after upgrading to 9.5.5
- FIX Incorrect KPIs Dashboards compared to the GLPI filter
- FIX marking LDAP user as deleted after a failed password
- FIX Prevent usage of date filters on full LDAP sync
- and more!
See changelog for details.
9.5.5
This is a security release, upgrading is recommended
Non-exhaustive list of changes:
- [security] Stored XSS in plugins information (CVE-2021-3486)
- fix entity creation
- removal of raw html in massive actions list
- fix issue with date_creation fields updated with older instances of MySQL servers
- fix wrong count of software counts in assets
- Fix Core API errors on deprecation checks
- and more!
See changelog for details.
9.5.4
This is a security release, upgrading is recommended
Note: those are medium security issues.
Some have been present for a long time (since version 0.68), but this time none of these issues were considered high/critical.
Non-exhaustive list of changes:
- [security] Horizontal Privilege Escalation (CVE-2021-21326)
- [security] entities switch IDOR (CVE-2021-21255)
- [security] XSS injection in ajax/kanban (CVE-2021-21258)
- [security] XSS injection on ticket update (CVE-2021-21314)
- [security] Stored XSS on documents (CVE-2021-21312)
- [security] XSS on tabs (CVE-2021-21313)
- [security] Stored XSS in budget type (CVE-2021-21325)
- [security] Unsafe Reflection in getItemForItemtype() (CVE-2021-21327)
- [security] Insecure Direct Object Reference (IDOR) on "Solutions" (CVE-2021-21324)
- Handle RFC5987 format in Content-Disposition header
- Fix email attachment decoding logic
- Fix tickets ID fetching from email headers
- Fix graph counts
- Add search filter criteria for widget by year
- New filter ‘my groups’
- Populate meta criteria in a generic way
- Make custom CSS from entity inheritable
- and more!
See changelog for details.
9.5.3
This is a security release, upgrading is recommended
Note: those are medium security issues.
Non-exhaustive list of changes:
- [security] Insecure Direct Object Reference on ajax/comments.php and ajax/getDropdownValue.php (CVE-2020-27662 and CVE-2020-27663)
- [security] Any CalDAV calendar is read-only for every authenticated user (CVE-2020-26212)
- several dashboards issues
- several fixes and enhancements with mail collector
- new dashboard filters on tech users and tech groups
- PHP8 compatibility
- and more!
See changelog for details.
9.5.2
This is a security release, upgrading is highly recommended
Note: some of the fixed vulnerabilities have been present for a long time (0.68).
Non-exhaustive list of changes:
- [security] SQL injection with a query parameter of user form (CVE-2020-15176)
- [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
- [security] Leakage issue with knowledge base (CVE-2020-15217)
- [security] Stored XSS in install script (CVE-2020-15177)
- [security] Minor SQL Injection in Search API (CVE-2020-15226)
- several mailgate issues
- several dashboards issues
- dashboards improvements: personal filters, new summary and articles widgets, ...
- and more!
See changelog for details.