GLPI 10.0.10 Release: Important Updates

GLPI version 10.0.10 is set to launch today, September 25, 2023.

The 10th update of version 10 brings bug fixes as well as three high-risk security fixes and four moderate-risk security fixes for your instance.

All these vulnerabilities are documented in the CVEs listed below:

  • [SECURITY – High] Account takeover via SQL injection in UI layout preferences (CVE-2023-41320).
  • [SECURITY – High] Account takeover via Kanban feature (CVE-2023-41326).
  • [SECURITY – High] Account takeover through API (CVE-2023-41324).
  • [SECURITY – Moderate] Enumeration of sensitive fields through API (CVE-2023-41321).
  • [SECURITY – Moderate] Escalation of technician privileges to superadmin (CVE-2023-41322).
  • [SECURITY – Moderate] User login enumeration by unauthenticated user (CVE-2023-41323).
  • [SECURITY – Moderate] Phishing through malicious login page URL (CVE-2023-41888).

Among the bug fixes, some address issues in business rules that caused unavailability after upgrading to 10.0.9 due to specific characters in criteria or actions.

In contracts, it is now possible to update the contract renewal method through bulk update – whether it’s Tacit or Explicit. We discussed contract update methods in this video, and Jorge provided a more comprehensive overview of contracts in this video.

These fixes will be of interest to LDAP authentication users and those considering the use of MySQL 8.1 and PHP 8.3.

There has also been an effort to improve the loading of timeline functions for GLPI items such as tickets, changes, and problems. Additionally, specific items in asset management and visualization have been addressed for those transitioning from Fusion Inventory to GLPI Inventory.

You can download the new version here and check the official announcement on the GLPI website here, as well as the complete list of corrections here.

Instances of GLPI Network Cloud will be promptly updated to cover these fixes. Depending on when you read this post, they may already be updated.

Please note that version 9.5 will not receive the same corrections as it was discontinued on July 1, 2023.


Comments

One response to “GLPI 10.0.10 Release: Important Updates”

  1. Satyendra

    Hi Arthur,
    I have migrated the GLPI version from 9.2.3 to 10.0.10 and noticed the issues below.
    1. Unable to log in with the admin user, but can log in with AD users.
    2. Mail notification is not working.

    Please guide us to fix this issue ASAP.
