github glpi-project/glpi 9.5.2

This is a security release, upgrading is highly recommended

Note: some of fixed vulnerabilities are present since a long time (0.68).

Download it

Non exhaustive list of changes:

  • [security] SQL injection with a query parameter of user form (CVE-2020-15176)
  • [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
  • [security] Leakage issue with knowledge base (CVE-2020-15217)
  • [security] Stored XSS in install script (CVE-2020-15177)
  • [security] Minor SQL Injection in Search API (CVE-2020-15226)
  • several mailgate issues
  • several dashboards issues
  • dashboards improvements: personnal filters, new summary and articles widgets, ...
  • and more!

See changelog for details.

latest releases: 9.5.6, 9.5.5, 9.5.4...
12 months ago