This is a security release, upgrading is recommended
Non exhaustive list of changes:
- [SECURITY] Disclosure of GLPI and server informations in telemetry endpoint [CVE-2021-39211]
- [SECURITY] Autologin cookie accessible by scripts [CVE-2021-39210]
- [SECURITY] Bypassable CSRF protection on ajax endpoints [CVE-2021-39209]
- [SECURITY] Bypassable IP restriction on GLPI API using custom header injection [CVE-2021-39213]
- FIX Mailgate "Missing type for Ticket template" warning
- FIX Display of images in tickets from collected mails
- FIX Encoding issue with emails in GB2312 containing special characters
- FIX Emails rules not working after upgrading to 9.5.5
- FIX Incorrect KPIs Dashboards compared to the GLPI filter
- FIX marking LDAP user as deleted after a failed password
- FIX Prevent usage of date filters on full LDAP sync
- and more!
See changelog for details.