GLPI 9.5.3

francois-teclib · 2020-12-17 09:29:51

This release fixes medium security issues that has been recently discovered. Update is recommended!

You can download the GLPI 9.5.3 archive on GitHub: https://github.com/glpi-project/glpi/releases/tag/9.5.3

Here is the list of security cases detected and fixed in this version:

- [security] Any CalDAV calendars is read-only for every authenticated user (CVE-2020-26212)
- [security] Insecure Direct Object References in ajax files (CVE-2020-27662 && CVE-2020-27663)
- Note that some are present since a long time (version 0.68), but this time none of these issues was considered as high/critical.

We also fixed a lot of bugs, here are important ones:

we continue the work on stabilizing the usage of laminas/mail library:
- Attachments were not imported as documents with specific content-disposition.
- Some HTML mails were imported as text (and html was present in the description of the ticket).

For the dashboards:
- Bars and lines graphs were animated not correct inn recent versions of chromium based browsers.
- Default pages for users without dashboard were empty.
- Adding some missing filters: tech users and tech groups.

Misc:
- A new cli command to set GLPI configuration values.
- Response time on personnal tab of index is now improved.
- PHP8 compatibility.

The full changelog is available for more details: https://github.com/glpi-project/glpi/mi … 4?closed=1

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Forum GLPI-Project

Announcement

#1 2020-12-17 09:29:51

GLPI 9.5.3

Board footer