github glpi-project/glpi 9.5.6

This is a security release, upgrading is recommended

Download it

Non exhaustive list of changes:

  • [SECURITY] Disclosure of GLPI and server informations in telemetry endpoint [CVE-2021-39211]
  • [SECURITY] Autologin cookie accessible by scripts [CVE-2021-39210]
  • [SECURITY] Bypassable CSRF protection on ajax endpoints [CVE-2021-39209]
  • [SECURITY] Bypassable IP restriction on GLPI API using custom header injection [CVE-2021-39213]
  • FIX Mailgate "Missing type for Ticket template" warning
  • FIX Display of images in tickets from collected mails
  • FIX Encoding issue with emails in GB2312 containing special characters
  • FIX Emails rules not working after upgrading to 9.5.5
  • FIX Incorrect KPIs Dashboards compared to the GLPI filter
  • FIX marking LDAP user as deleted after a failed password
  • FIX Prevent usage of date filters on full LDAP sync
  • and more!

See changelog for details.

one month ago