Caution
This is a security release. All Snipe-IT users are strongly encouraged to upgrade.
Warning
FYI, in our excitement to get this released, we mistakenly tagged this as 7.1.14 instead of 7.0.14 (yay, automation, amirite?) Unfortunately, deleting tags makes this more difficult for our docker users, so we're just running with it. Sorry for the confusion, but you didn't miss anything, it was just a simple typo. We'll update the version.php file so at least they both agree. There are no new server requirements or libraries required outside of the standard 7.x.x requirements to handle this upgrade.
We seem to be getting a lot of mileage from that gif these days. 🫠
This is a security release that handles several CVEs, including CVE-2024-52301, which was just patched in the Laravel core yesterday.
While hosted customers were NOT affected (we do not have register_argc_argv enabled on any of our servers), self-hosted community users and support-only customers are encouraged to upgrade as soon as possible, or at the very least make sure that setting is not enabled in your php.ini.
In addition to the security patches, we have also added some new features, such as:
- Ability to import Asset Models (without accompanying assets) via the Importer
- Ability to override or null out the EOL date for assets via the asset bulk edit screen
- Optimized some queries and indexes to speed things up a bit
- Fixed a bug where OU was accidentally required to create locations via the GUI
- Miscellaneous UI improvements and fixes
- Full changelog can be found below
As always, still lots more on deck.
PS - we will likely be discontinuing posting updates on our Twitter account moving forward. Instead, find us in these other places:
- Join our Discord!
- Bluesky at @snipeitapp.com
- Mastodon at hachyderm.io/@grokability
- Our blog at Grokstar.Dev
- Subscribe here on Github for notifications about new releases. (Click on "Watch" on the main repo page, then go to "Custom" and check the box that says "Releases".)
What's Changed
- Fixed numeric sort 'ambiguous order clause' error by @uberbrady in #15610
- Fixed print assigned in profile by @snipe in #15612
- Smarter word-wrapping on long text by @snipe in #15613
- Add Import data tests by @bryanlopezinc in #15579
- Removed duplicate JS and removed line break before user section by @snipe in #15624
- Docker Env: Change trusted proxies to RFC1918 by @sniff122 in #15621
- Added
Model::reguard()to importer by @marcusmoore in #15603 - Improve importer tests by @marcusmoore in #15616
- Only show EULA when available on print users page by @marcusmoore in #15630
- Add importer tests by @marcusmoore in #15631
- Fix bulk checkout to users, assets, and locations by @uberbrady in #15642
- Fixed badge counter showing deleted assets on user detail page by @akemidx in #15637
- Fixed #15439 - check database on healthcheck by @snipe in #15601
- Updated livewire to 3.5.2 by @snipe in #15648
- Switched to form requests for settings to better indicate invalid data by @snipe in #15644
- Fixed #15651 - admin user now displaying on maintenances page by @snipe in #15653
- Added tests for accessory api controller by @marcusmoore in #15533
- Fixes #15654 Fix asset creation with API and FullMultipleCompanySupport by @Toreg87 in #15655
- Refactor asset creation with API by @Toreg87 in #15660
- Added LLM note by @snipe in #15666
- Fixed #15663 - remove requiredness for OU by @snipe in #15669
- Fixed
updated_atfor sort in users API by @snipe in #15671 - Clean up how we use the
$locationin LDAP sync command by @uberbrady in #15672 - Fix outdated comment in CompanyableTrait by @Toreg87 in #15683
- Bulk checkout to bulk actions for assets by @uberbrady in #15680
- Removed second icon in accessory file list by @marcusmoore in #15704
- Added test to ensure icon component does not end in newline by @marcusmoore in #15705
- Removed brianium/paratest by @marcusmoore in #15693
- Linked accessory files in activity report by @marcusmoore in #15703
- Fix user creation with FullMultipleCompanySupport enabled over API by @Toreg87 in #15676
- Fixed custom field existence validation Issue by @spencerrlongg in #15598
- Improve import performance by @bryanlopezinc in #15649
- Better handle inline files in file listing by @snipe in #15689
- Fixed Status Labels Error Message by @Godmartinz in #15566
- Fixed #15686: Corrected capitalization for dashboard section titles by removing
strtolower()by @NebelKreis in #15687 - Updated
Company::getIdForCurrentUser()to return null in certain scenarios by @marcusmoore in #15691 - Fixes #15701 - load avif files properly in lightbox by @snipe in #15710
- Fixed custom field checkboxes on asset edit page by @marcusmoore in #15711
- Fixed #15717 - Added ability to checkout consumables in variable qty via API by @snipe in #15719
- Fixed #15695 - Added manufacturer and model_number to components by @snipe in #15720
- Fixed Component Factory: use manufacturer factory for
manufactuer_idby @Godmartinz in #15722 - Upgraded
livewire v3.5.9 => v3.5.12by @Godmartinz in #15712 - Fixed multi create partial failure (fixes: [RB-18591]) by @uberbrady in #15550
- Added the display of logs when tests fail in GitHub Actions by @marcusmoore in #15744
- Separated Notifications and Emails: Check ins and Check outs by @Godmartinz in #15681
- changes
admin_cc_emailvalidation to allow an array by @Godmartinz in #15756 - Fixed
${var}deprecation warning in License model by @jerm in #15758 - Fixed MS Team Notifications to utilize workflows after deprecation by @Godmartinz in #15731
- Fixed emails not being sent if target has no email or if not instance of User. Cc_emails will still be sent. by @Godmartinz in #15763
- Added missing Livewire file by @marcusmoore in #15765
- Revert "Added the display of logs when tests fail in GitHub Actions" by @marcusmoore in #15771
- Fixed notifications for licenses and asset to asset checkoutables by @Godmartinz in #15773
- Fixed CVE-2024-50342, CVE-2024-50345, CVE-2024-51736 by @joelpittet in #15779
- Added Checkout ID column to user accessory table by @marcusmoore in #15774
- Add new indexes to locations and users for faster manager lookups by @uberbrady in #15780
- Added EOL date to bulk asset edit by @snipe in #15792
- Added ability to specify null for calculation or explicit on bulk asset edit by @snipe in #15793
- Check that the file exists before trying to download stored EULA by @snipe in #15794
- Fixes Assets location not being resynced when Users location is updated via LDAP by @Godmartinz in #14441
- Updated deprecated trigger for ms teams by @Godmartinz in #15799
- Updated Laravel, additional packages for CVE-2024-52301 by @snipe in #15804
- Fixed license serial gate in markdown by @Godmartinz in #15805
- Added ability to import asset models (separate from assets) by @snipe in #15802
- Fixed dark background to fieldsets and right border by @Godmartinz in #15784
- Fixed login button disappearing under some circumstances with custom CSS by @akemidx in #15730
- Fixed checkin/checkout email boolean check for Licenses by @Godmartinz in #15808
- Patch for whitespace causing HTTP 500 errors. by @DarrenRainey in #15807
- Fixed Microsoft Teams notifications by @marcusmoore in #15809
New Contributors
- @sniff122 made their first contribution in #15621
- @NebelKreis made their first contribution in #15687
- @DarrenRainey made their first contribution in #15807
Full Changelog: v7.0.13...v7.1.14