You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2024-03-14 17:30:09

francois-teclib
Expert GLPI
From: TECLIB
Registered: 2006-11-05
Posts: 76
Website

GLPI 10.0.14

This release fixes several security issues that has been recently discovered. Update is strongly recommended!

10.0.14-DOWNLOAD_GLPI-green.svg?logo=php&logoColor=white&style=for-the-badge?logo=php&logoColor=white&style=for-the-badge

You will find below the list of security issues fixed in this bugfixes version:

  • [SECURITY - high] SQL Injection in through the search engine (CVE-2024-27096)

  • [SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)

  • [SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104)

  • [SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914)

  • [SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930)

  • [SECURITY - moderate] Users emails enumeration (CVE-2024-27937)

Following the last releases of 10.0.14, a few annoying issues has been detected:

  • [FIX] Error when creating a Ticket with SLA/OLA.

  • [FIX] Weekly recurrent reservations creation does not work.

  • [FIX] Fix assign field when suppliers assign is available.

  • [FIX] Switching entities issues.

  • Several minor fixes

See full technical changelog for details.

We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!


Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/

Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)

Offline

Board footer

Powered by FluxBB