Releases: geniusdynamics/docker-glpi
GLPI 11.0.0
We are proud to announce the official release of GLPI 11, the latest major version of our open-source software. After months of development and community testing, GLPI 11 is now stable and ready for production.
Here is a short video introduction for this release
What’s new ?
While the full list of changes can be found in the detailed changelog, here are some of the most important highlights:
- 📦 Native custom assets: Create any type of assets to be included in the first menu, adapt theirs behaviors and their fields
- 📝 Integrated forms: With a new interactive editor, create pretty forms for your technicians and end-users.
- 🛎️ New self-service portal: Help your users to discover the services you offer.
- 🛡️ 2FA: Strengthen the authentication to GLPI
- ⚡ Webhooks: Triggers HTTP calls to external applications
- and more…
Get Started with GLPI 11 Today
You can download the new stable release here:
Documentation has also been updated to guide you through the upgrade process and help you make the most of GLPI 11.
What’s Next?
In the coming months, we’ll continue to:
- Monitor feedback and release patches when needed.
- Expand integrations and plugins to enrich the ecosystem.
- Explore new innovations to keep GLPI a modern, reliable ITSM platform.
A huge thank you to our community for their contributions in testing, translating, all the help given to complete this version.
GLPI 11.0.0-rc5
This is a RC release, do not use in production!
GLPI version 11 major release include many new features and improvements. More information will be available in the coming weeks.
GLPI 11.0.0-rc4
This is a RC release, do not use in production!
GLPI version 11 major release include many new features and improvements. More information will be available in the coming weeks.
GLPI 11.0.0-rc3
This is a RC release, do not use in production!
GLPI version 11 major release include many new features and improvements. More information will be available in the coming weeks.
GLPI 11.0.0-rc2
This is a RC release, do not use in production!
GLPI version 11 major release include many new features and improvements. More information will be available in the coming weeks.
GLPI 11.0.0-rc1
This is a RC release, do not use in production!
GLPI version 11 major release include many new features and improvements. More information will be available in the coming weeks.
GLPI 10.0.20
You can download the GLPI 10.0.20 archive on GitHub.
Many bug fixes have been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
GLPI 10.0.17
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.17 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - critical] Unauthenticated session hijacking (CVE-2024-50339)
- [SECURITY - high] Account takeover through SQL injection (CVE-2024-40638)
- [SECURITY - high] Users email enumeration by unauthenticated user (CVE-2024-43416)
- [SECURITY - high] Account takeover without privilege escalation through the API (CVE-2024-47758)
- [SECURITY - high] Account takeover via the password reset feature (CVE-2024-47761)
- [SECURITY - high] Account takeover via API (CVE-2024-47760)
- [SECURITY - high] Insecure account deletion by authenticated user (CVE-2024-48912)
- [SECURITY - moderate] Authenticated SQL Injection (CVE-2024-45608)
- [SECURITY - moderate] Authenticated SQL injection in ticket form (CVE-2024-41679)
- [SECURITY - moderate] Stored XSS in RSS feeds (CVE-2024-45611)
- [SECURITY - moderate] Stored XSS via document upload (CVE-2024-47759)
- [SECURITY - moderate] Multiple reflected XSS (CVE-2024-43417, CVE-2024-43418, CVE-2024-45609, CVE-2024-45610, CVE-2024-41678)
Many bug fixes have also been made, read the full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
GLPI 10.0.16
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.16 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
- [SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)
- [SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)
Also, here is a short list of main changes done in this version:
- [FIX] Freesize database field was not correctly migrated
- [FIX] Network inventoried stacked switches had all the same name
- [FIX] Remove monitors from inventory when no monitor is present
- [FIX] Import location hierarchy from LDAP and Inventory
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.
GLPI 10.0.15
This is a security release, upgrading is recommended
This release fixes a few security issues that have been recently discovered. Update is recommended!
You can download the GLPI 10.0.15 archive on GitHub.
You will find below the list of security issues fixed in this bugfixes version:
- [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
- [SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)
Also, here is a short list of main changes done in this version:
- [FIX] Fix used right by reservation form.
- [FIX] Do not rely on input to apply rules rights.
- [FIX] Always store updated SMTP Oauth refresh token.
- [TASK] Upgrade tinymce.
The full changelog is available for more details.
We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!
Regards.