You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2023-01-24 18:26:49
- francois-teclib
- Expert GLPI
- From: TECLIB
- Registered: 2006-11-05
- Posts: 74
- Website
GLPI 10.0.6
This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
You will find below the list of security issues fixed in this bugfixes version:
[SECURITY - High] Unauthorized access to inventory files (CVE-2023-22500)
[SECURITY - Moderate] XSS on browse views (CVE-2023-22722)
[SECURITY - Moderate] XSS on external links (CVE-2023-22725)
[SECURITY - Moderate] XSS in RSS Description Link (CVE-2023-22724)
[SECURITY - Moderate] Unauthorized access to data export (CVE-2023-23610)
[SECURITY - Low] Stored XSS inside Standard Interface Help Link href attribute (CVE-2022-41941)
Also, here is a short list of main changes done in this version:
[FEATURE] Unmanaged devices can be handled like a real asset.
[FEATURE] Handle more actions for stale inventory agents.
[FEATURE] Added new dictionnary rules for OS.
[CHANGED] Removed glpi: prefix on console commands.
[FIX] PHP 8.2 support.
[FIX] Many fixes and improvements on native inventory.
[FIX] Reservation display on self-service profile.
[FIX] Mail collector issues with emails sent from Outlook.
[FIX] Dashboard issues on "All" tab.
[FIX] Ticket input is restored when submitted form is not complete.
[FIX] Notification was not sent when ticket status was set to "pending".
See full technical changelog for details.
We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!
Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/
Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)
Offline
Pages: 1