You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2022-10-05 11:26:09
- francois-teclib
- Expert GLPI
- From: TECLIB
- Registered: 2006-11-05
- Posts: 74
- Website
GLPI 10.0.3
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You will find below the list of security issues fixed in this bugfixes version:
[SECURITY] XSS through registration API (CVE-2022-35945)
[SECURITY] Leak of sensitive information through login page error (CVE-2022-31143)
[SECURITY] Stored XSS through global search (CVE-2022-31187)
[SECURITY] [critical] Command injection using a third-party library script (CVE-2022-35914)
[SECURITY] SQL injection through plugin controller (CVE-2022-35946)
[SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947)
[SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)
Also, here is a short list of main changes done in this version:
[FEATURE] More precise rights checks on inventory (#12610)
[FEATURE] Display of last inventoried value for locked fields (#12602)
[FEATURE] Permit to use rules to add computers as virtual machines (#12572)
[SECURITY] Delegate session cookies security to sysadmin (#12302)
[FIX] Prevent collector failure on invalid mail header (#12232)
[FIX] Many fixes on network inventory
See full technical changelog for details.
We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!
Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/
Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)
Offline
Pages: 1