github glpi-project/glpi 10.0.16

latest release: 11.0.0-alpha
4 months ago

This is a security release, upgrading is recommended

Download it

This release fixes a few security issues that have been recently discovered. Update is recommended!

You can download the GLPI 10.0.16 archive on GitHub.

You will find below the list of security issues fixed in this bugfixes version:

  • [SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
  • [SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)
  • [SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)

Also, here is a short list of main changes done in this version:

  • [FIX] Freesize database field was not correctly migrated
  • [FIX] Network inventoried stacked switches had all the same name
  • [FIX] Remove monitors from inventory when no monitor is present
  • [FIX] Import location hierarchy from LDAP and Inventory

The full changelog is available for more details.

We would like to thank all people who contributed to this new version and all those who contributes regularly to the GLPI project!

Regards.

Don't miss a new glpi release

NewReleases is sending notifications on new releases.